Deno.mainModule should not require permissions #7315
Comments
kitsonk
added
permissions
|
Hmmm... The one "problem" with this is that any module could get information about the local system. We have So personally, I think the permissions should stay, taking the conservative viewpoint, until there is a compelling use case we can't work around reasonably. Actually the point about the stack traces is interesting from a security exploit perspective. I wonder if throwing an error and trapping the trace would expose information about the local file system? |
|
I hit this problem as well working on Node compatibility - accessing |
Network access would allow for exfiltrating this information. |
|
Discussed with other team members, we are going to remove requirement for allow read permission on |
bartlomieju
added
public API
|
Any updates regarding this topic? Thanks |
The value of
Deno.mainModuleis visible in call stacks. In general, we should make it a non-goal to hide information about "calling" code. You can currently hide it from call stacks by moving calls to untrusted code to the top-level of some other insignificant imported module. But the same technique could most likely be used to make sure yourDeno.mainModuleis insignificant.This leaves future opportunities to remove
import.meta.mainin favour ofimport.meta.url == Deno.mainModule, as was intended by the spec: https://github.com/tc39/proposal-import-meta#am-i-the-main-module. But that means we have to statically substituteDeno.mainModulein bundles, leaving no way to get the "true" main module which some people won't like (#6344 (comment)). Anyway, that discussion can wait.The text was updated successfully, but these errors were encountered: