From 1a6fd38f2f7b016714ec313ce234fd5356aa956a Mon Sep 17 00:00:00 2001
From: David Sherret
Date: Tue, 27 Aug 2024 22:03:09 -0400
Subject: fix(permissions): disallow launching subprocess with LD_PRELOAD env var without full run permissions (#25221)

Ref https://github.com/denoland/deno/pull/25215
Closes https://github.com/denoland/deno/issues/11964
---
 runtime/ops/process.rs | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
(limited to 'runtime/ops')

diff --git a/runtime/ops/process.rs b/runtime/ops/process.rs
index 9d166a801..564092454 100644
--- a/runtime/ops/process.rs
+++ b/runtime/ops/process.rs
@@ -229,9 +229,23 @@ fn create_command(
 mut args: SpawnArgs,
 api_name: &str,
 ) -> Result {
- state
- .borrow_mut::()
- .check_run(&args.cmd, api_name)?;
+ {
+ let permissions = state.borrow_mut::();
+ permissions.check_run(&args.cmd, api_name)?;
+ // error the same on all platforms
+ if permissions.check_run_all(api_name).is_err()
+ && (args.env.iter().any(|(k, _)| k.trim() == "LD_PRELOAD")
+ || !args.clear_env
+ && std::env::vars().any(|(k, _)| k.trim() == "LD_PRELOAD"))
+ {
+ // we don't allow users to launch subprocesses with the LD_PRELOAD
+ // env var set because this allows executing any code
+ return Err(deno_core::error::custom_error(
+ "PermissionDenied",
+ "Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable."
+ ));
+ }
+ }
 let mut command = std::process::Command::new(args.cmd);
-- 
cgit v1.2.3
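Review bot: The new guard in create_command matches only the exact name `LD_PRELOAD`, but the dynamic loader honours other variables with comparable effect (for example `LD_LIBRARY_PATH` and `LD_AUDIT` on Linux, `DYLD_INSERT_LIBRARIES` on macOS), so the restriction is not enforced for them, whether they come from `args.env` or the inherited environment. Since the comment says the error should be the same on all platforms, consider matching by prefix in both closures, e.g. `let k = k.trim(); k.starts_with("LD_") || k.starts_with("DYLD_")`, and naming the offending variable in the message. Separately, `std::env::vars()` panics if any inherited variable is not valid Unicode, so this permission path can panic instead of returning an error; `std::env::vars_os()` with `k.to_string_lossy()` for the comparison avoids that. The message asks for `--allow-all` while the test is `check_run_all`; if an unrestricted `--allow-run` is enough to pass that check, the wording should say so. The body of create_command starts and ends outside this hunk.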