diff options
| author | Nayeem Rahman <nayeemrmn99@gmail.com> | 2023-08-30 18:52:01 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-30 18:52:01 +0100 |
| commit | 1cce3060227f7bc53a8d5ad938f092362cf78855 (patch) | |
| tree | 9abfe9f27372291b9f04e11a4e4127bb2daf39af /runtime/Cargo.toml | |
| parent | d28384c3deec1497d28f0f6bd16cf51de832e572 (diff) | |
fix(runtime/permissions): Resolve executable specifiers in allowlists and queries (#14130)
Closes #14122.
Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
Diffstat (limited to 'runtime/Cargo.toml')
| -rw-r--r-- | runtime/Cargo.toml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index d4401effd..5ab50714d 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -109,6 +109,7 @@ termcolor = "1.1.3" tokio.workspace = true tokio-metrics.workspace = true uuid.workspace = true +which = "4.2.5" [target.'cfg(windows)'.dependencies] fwdansi.workspace = true |