permission: fix some vulnerabilities in fs by tniessen · Pull Request #47091 · nodejs/node

tniessen · 2023-03-14T17:47:46Z

Without this patch, any restrictions imposed by the permission model can be easily bypassed, granting full read and write access to any file. On Windows, this could even be used to delete files that are supposed to be write-protected.

This likely also fixes a separate bug in fsPromises.open(), which currently incorrectly requires read permissions even for write-only access. (Unless that was somehow intentional?)

I'm not very confident in my understanding of the permission model. Please review carefully.

Fixes: #47090

nodejs-github-bot · 2023-03-14T21:43:03Z

CI: https://ci.nodejs.org/job/node-test-pull-request/50382/

RafaelGSS

Good catch. I wasn't aware of write_as_side_effects. That's indeed bizarre.

src/node_file.cc

test/parallel/test-permission-deny-fs-read.js

RafaelGSS

LGTM.

Without this patch, any restrictions imposed by the permission model can be easily bypassed, granting full read and write access to any file. On Windows, this could even be used to delete files that are supposed to be write-protected. Fixes: nodejs#47090

tniessen · 2023-03-15T19:06:30Z

I changed the implementation to follow V8 conventions as suggested by @targos and @addaleax. The diff is in c291faa.

tniessen · 2023-03-15T21:01:17Z

Both Jenkins CI runs failed on Windows due to test-http-max-sockets, which also failed in #47108, so it seems unrelated.

tniessen · 2023-03-17T14:11:37Z

It might be good to get more eyes on this, perhaps from @nodejs/libuv since especially the behavior on Windows depends more on how libuv translates flags than on Windows itself.

nodejs-github-bot · 2023-03-19T03:13:40Z

CI: https://ci.nodejs.org/job/node-test-pull-request/50454/

nodejs-github-bot · 2023-03-19T12:58:30Z

Landed in aa30e16

tniessen added fs Issues and PRs related to the fs subsystem / file system. security Issues and PRs related to security. labels Mar 14, 2023

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Mar 14, 2023

tniessen mentioned this pull request Mar 14, 2023

test-permission-deny-fs-wildcard always fails during coverage-windows GitHub action #47093

Closed

tniessen requested a review from RafaelGSS March 14, 2023 20:44

RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 14, 2023

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 14, 2023

RafaelGSS reviewed Mar 14, 2023

View reviewed changes

src/node_file.cc Outdated Show resolved Hide resolved

src/node_file.cc Outdated Show resolved Hide resolved

test/parallel/test-permission-deny-fs-read.js Show resolved Hide resolved

RafaelGSS approved these changes Mar 15, 2023

View reviewed changes

tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 15, 2023

RafaelGSS mentioned this pull request Mar 15, 2023

src,process: initial permission model implementation #44004

Merged

marco-ippolito approved these changes Mar 15, 2023

View reviewed changes

tniessen force-pushed the permission-fix-some-fatal-flaws-in-fs-open branch from c291faa to 233eb62 Compare March 15, 2023 19:05

RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 15, 2023

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 15, 2023