From c31c39e5c935b55f461fc01b7cb07cfb4dab81a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 8 Aug 2024 16:27:37 +0200 Subject: [PATCH] doc: add note on weakness of permission model Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code. --- doc/api/permissions.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index d41c94d74f676d..c3697ca26d3a92 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -15,6 +15,7 @@ be accessed by other modules. The resource can be entirely allowed or denied, or actions related to it can be controlled. For example, file system reads can be allowed while denying writes. + This feature does not protect against malicious code. If you find a potential security vulnerability, please refer to our [Security Policy][]. @@ -595,6 +596,10 @@ There are constraints you need to know before using this system: #### Limitations and Known Issues +* The permission model provides no security guarantees in the presence of + malicious code. Even when the permission model is enabled, malicious code can + bypass it and execute arbitrary code without the restrictions that are usually + imposed by the permission model. * Symbolic links will be followed even to locations outside of the set of paths that access has been granted to. Relative symbolic links may allow access to arbitrary files and directories. When starting applications with the
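Review bot: In the first hunk the added sentence "This feature does not protect against malicious code." lands directly in front of "If you find a potential security vulnerability, please refer to our [Security Policy][]." so the two read as one paragraph, which mixes the statement about the model's threat scope with the vulnerability-reporting pointer. Suggest separating it with a blank line and adding a cross-reference to the "Limitations and Known Issues" section below, where the longer explanation lives, so a reader of the intro can find the detail.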
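Review bot: In the second hunk the new bullet is repetitive: "malicious code can bypass it and execute arbitrary code without the restrictions that are usually imposed by the permission model" says "malicious code" twice and "permission model" three times across two sentences, and "execute arbitrary code" adds little since the subject is already arbitrary code. A tighter form keeps the point: "The permission model provides no security guarantees in the presence of malicious code. Once the model is enabled, malicious code can still bypass it and run without the restrictions the model normally imposes." Consider also stating in the same bullet what the model is meant to constrain (the trusted code the application itself runs), so the limitation is not read as "the feature does nothing".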