fix(runtime): allow r/w access to /etc without --allow-all (#23718)

This is not a special path that can be used to escalate or bypass Deno permissions, such as `--allow-env`.
author: Luca Casonato <hello@lcas.dev> 2024-05-07 14:51:42 +0200
committer: GitHub <noreply@github.com> 2024-05-07 14:51:42 +0200
commit: f3cc760f2fd40145007ced2a37a3a0b2d1b2d9f3 (patch)
tree: df3664bc7f814ef0cce1f9d380f26a0135c5f333 /runtime
parent: e7a2317f5a18751ecc1a63b3464690b125839ecf (diff)
1 files changed, 0 insertions, 9 deletions
diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs
index 1ac8779af..e66f16a7f 100644
--- a/runtime/permissions/lib.rs
+++ b/runtime/permissions/lib.rs
@@ -1691,19 +1691,10 @@ impl PermissionsContainer {
           self.check_was_allow_all_flag_passed().map_err(error_all)?;
         }
       }
-      if path.starts_with("/etc") {
-        self.check_was_allow_all_flag_passed().map_err(error_all)?;
-      }
     } else if cfg!(unix) {
       if path.starts_with("/dev") {
         self.check_was_allow_all_flag_passed().map_err(error_all)?;
       }
-      if path.starts_with("/etc") {
-        self.check_was_allow_all_flag_passed().map_err(error_all)?;
-      }
-      if path.starts_with("/private/etc") {
-        self.check_was_allow_all_flag_passed().map_err(error_all)?;
-      }
     } else if cfg!(target_os = "windows") {
       fn is_normalized_windows_drive_path(path: &Path) -> bool {
         let s = path.as_os_str().as_encoded_bytes();
author	Luca Casonato <hello@lcas.dev>	2024-05-07 14:51:42 +0200
committer	GitHub <noreply@github.com>	2024-05-07 14:51:42 +0200
commit	f3cc760f2fd40145007ced2a37a3a0b2d1b2d9f3 (patch)
tree	df3664bc7f814ef0cce1f9d380f26a0135c5f333 /runtime
parent	e7a2317f5a18751ecc1a63b3464690b125839ecf (diff)