From f3cc760f2fd40145007ced2a37a3a0b2d1b2d9f3 Mon Sep 17 00:00:00 2001
From: Luca Casonato
Date: Tue, 7 May 2024 14:51:42 +0200
Subject: fix(runtime): allow r/w access to /etc without --allow-all (#23718)

This is not a special path that can be used to escalate or bypass Deno permissions, such as `--allow-env`.
---
 runtime/permissions/lib.rs | 9 ---------
 1 file changed, 9 deletions(-)
(limited to 'runtime')
diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs
index 1ac8779af..e66f16a7f 100644
--- a/runtime/permissions/lib.rs
+++ b/runtime/permissions/lib.rs
@@ -1691,19 +1691,10 @@ impl PermissionsContainer {
 self.check_was_allow_all_flag_passed().map_err(error_all)?;
 }
 }
- if path.starts_with("/etc") {
- self.check_was_allow_all_flag_passed().map_err(error_all)?;
- }
 } else if cfg!(unix) {
 if path.starts_with("/dev") {
 self.check_was_allow_all_flag_passed().map_err(error_all)?;
 }
- if path.starts_with("/etc") {
- self.check_was_allow_all_flag_passed().map_err(error_all)?;
- }
- if path.starts_with("/private/etc") {
- self.check_was_allow_all_flag_passed().map_err(error_all)?;
- }
 } else if cfg!(target_os = "windows") {
 fn is_normalized_windows_drive_path(path: &Path) -> bool {
 let s = path.as_os_str().as_encoded_bytes();
--
cgit v1.2.3