From c6793f52b9a636b7df130d22b6e87e846245885d Mon Sep 17 00:00:00 2001
From: David Sherret
Date: Wed, 28 Aug 2024 21:11:37 -0400
Subject: fix(permissions): disallow any `LD_` or `DYLD_` prefixed env var without full --allow-run permissions (#25271)
Follow up to https://github.com/denoland/deno/pull/25221 I looked into what the list was and it was quite extensive, so I think as suggested in https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we should disallow this for any `LD_` prefixed env var.
---
 tests/integration/run_tests.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'tests/integration/run_tests.rs')
diff --git a/tests/integration/run_tests.rs b/tests/integration/run_tests.rs
index 64e9d1c22..ade5c4560 100644
--- a/tests/integration/run_tests.rs
+++ b/tests/integration/run_tests.rs
@@ -501,6 +501,10 @@ itest!(_088_dynamic_import_already_evaluating {
 // TODO(bartlomieju): remove --unstable once Deno.Command is stabilized
 itest!(_089_run_allow_list {
 args: "run --unstable --allow-run=curl run/089_run_allow_list.ts",
+ envs: vec![
+ ("LD_LIBRARY_PATH".to_string(), "".to_string()),
+ ("DYLD_FALLBACK_LIBRARY_PATH".to_string(), "".to_string())
+ ],
 output: "run/089_run_allow_list.ts.out",
 });

@@ -3708,6 +3712,10 @@ itest!(test_and_bench_are_noops_in_run {
 #[cfg(not(target_os = "windows"))]
 itest!(spawn_kill_permissions {
 args: "run --quiet --allow-run=cat spawn_kill_permissions.ts",
+ envs: vec![
+ ("LD_LIBRARY_PATH".to_string(), "".to_string()),
+ ("DYLD_FALLBACK_LIBRARY_PATH".to_string(), "".to_string())
+ ],
 output_str: Some(""),
 });

-- cgit v1.2.3
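Review bot: The `envs` list added to `_089_run_allow_list` blanks only `LD_LIBRARY_PATH` and `DYLD_FALLBACK_LIBRARY_PATH`, while the commit title says the permission check now covers every `LD_`- or `DYLD_`-prefixed variable; the identical list added to `spawn_kill_permissions` has the same gap. If these entries are there to neutralise loader variables inherited from the test environment (an inference, the hunks do not say), any other such variable set on a developer or CI machine, for example `LD_PRELOAD`, would presumably still make both tests fail. A comment above each list would record the intent, e.g. `// empty values so inherited loader vars do not trip the partial --allow-run check`. This view is limited to run_tests.rs, so it does not show whether a negative test exists elsewhere (a non-empty `LD_`/`DYLD_` variable combined with `--allow-run=cat` being rejected); if none does, one belongs next to these.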