From 97f39eb50a4f6a56ed7142a2b680df8908639e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sat, 17 Aug 2024 15:03:21 +0200 Subject: [PATCH] doc: add note on weakness of permission model Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code. PR-URL: https://github.com/nodejs/node/pull/54268 Reviewed-By: Rafael Gonzaga --- doc/api/permissions.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index 21e174e9e0ae51..fd1a8e5859fae1 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -9,6 +9,15 @@ with those resources. The resource can be entirely allowed or denied, or actions related to it can be controlled. For example, file system reads can be allowed while denying writes. + This feature does not protect against malicious code. According to the Node.js + [Security Policy][], Node.js trusts any code it is asked to run. + +The permission model implements a "seat belt" approach, which prevents trusted +code from unintentionally changing files or using resources that access has +not explicitly been granted to. It does not provide security guarantees in the +presence of malicious code. Malicious code can bypass the permission model and +execute arbitrary code without the restrictions imposed by the permission +model. If you find a potential security vulnerability, please refer to our [Security Policy][].
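Review bot: In the second added paragraph, "using resources that access has not explicitly been granted to" is hard to parse; consider "using resources to which access has not been explicitly granted". The same paragraph also restates the point of the first added paragraph: "It does not provide security guarantees in the presence of malicious code" repeats "This feature does not protect against malicious code". Merging the two would leave one clear statement followed by the "seat belt" explanation. Since the new text says malicious code "can bypass the permission model", it would help readers to add one sentence stating what the model should be paired with when untrusted code is in scope, or to say explicitly that this is out of scope and covered by the linked Security Policy.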