summaryrefslogtreecommitdiff
path: root/tests/specs/run/ld_preload
AgeCommit message (Collapse)Author
2024-11-12fix(permissions): say to use --allow-run instead of --allow-all (#26842)David Sherret
For https://github.com/denoland/deno/issues/26839
2024-09-16refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)David Sherret
This makes the permission system more versatile.
2024-09-10feat(cli): use NotCapable error for permission errors (#25431)Luca Casonato
Closes #7394 --------- Co-authored-by: snek <snek@deno.com>
2024-09-04fix: lock down allow-run permissions more (#25370)David Sherret
`--allow-run` even with an allow list has essentially been `--allow-all`... this locks it down more. 1. Resolves allow list for `--allow-run=` on startup to an absolute path, then uses these paths when evaluating if a command can execute. Also, adds these paths to `--deny-write` 1. Resolves the environment (cwd and env vars) before evaluating permissions and before executing a command. Then uses this environment to evaluate the permissions and then evaluate the command.
2024-08-28fix(permissions): disallow any `LD_` or `DYLD_` prefixed env var without ↵David Sherret
full --allow-run permissions (#25271) Follow up to https://github.com/denoland/deno/pull/25221 I looked into what the list was and it was quite extensive, so I think as suggested in https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we should disallow this for any `LD_` prefixed env var.
2024-08-27fix(permissions): disallow launching subprocess with LD_PRELOAD env var ↵David Sherret
without full run permissions (#25221) Ref https://github.com/denoland/deno/pull/25215 Closes https://github.com/denoland/deno/issues/11964
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 12:10:45 +0000