From 00970daea2245bf4af6b3ee21d0e522fec5638b8 Mon Sep 17 00:00:00 2001
From: Matt Mastracci
Date: Wed, 3 Jan 2024 16:31:39 -0700
Subject: fix(cli): harden permission stdio check (#21778)

Harden the code that does permission checks to protect against re-opening of stdin.

Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks.

- Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window for races)
- Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult)
--- cli/tests/testdata/run/permission_request_long.ts | 1 + 1 file changed, 1 insertion(+) create mode 100644 cli/tests/testdata/run/permission_request_long.ts (limited to 'cli/tests/testdata') diff --git a/cli/tests/testdata/run/permission_request_long.ts b/cli/tests/testdata/run/permission_request_long.ts new file mode 100644 index 000000000..05937e95a --- /dev/null +++ b/cli/tests/testdata/run/permission_request_long.ts @@ -0,0 +1 @@ +Deno.open("a".repeat(1e5)); -- cgit v1.2.3
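
Review bot: The single added line, `Deno.open("a".repeat(1e5));`, has no comment saying which of the three checks listed in the commit message it exercises, and the `1e5` length is a magic number with no visible tie to the prompt length limit. A one-line comment naming the over-long-message check and the expected outcome would keep the fixture meaningful if that limit is later changed. The call is also not awaited, so any rejection surfaces as an unhandled promise rejection rather than at the statement; `await Deno.open(...)` would make the failure mode explicit. This view is limited to cli/tests/testdata, so fixtures for the stdin-replacement check and the terminal check are not visible here; if none exist elsewhere, those two paths are not covered by this file.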