
Concerns About Using --allow-all Flag in Deno #26881

Closed
abhayraj-yadav-st4 opened this issue Nov 15, 2024 · 3 comments

Comments

@abhayraj-yadav-st4

Description:

I've been using the --allow-all flag with Deno for convenience, but I'm worried about the security implications, especially in production.

Problems:

  • Security Risks: --allow-all grants unrestricted access to the file system, network, environment variables, etc. This could be dangerous if any dependencies are compromised or untrusted.

  • Lack of Permission Control: It bypasses Deno's permission system, making it hard to know what specific permissions a script actually needs.

  • Accidental Misuse: With all permissions enabled, there's a higher chance of scripts performing unintended actions that could be harmful.

  • Challenges Without --allow-all:

    • Managing individual permissions can be tedious.
    • Missing permissions might cause runtime errors.
    • Keeping track of all required permissions as the project grows is tough.

Suggestion:

Is there a way to balance convenience and security? Maybe improving how permissions are managed or providing better tools to handle them could help.

@BlackAsLight

I don't think there is a good way just yet for people to document and communicate what permissions their libs need to operate. At the moment it's just a "run without permissions and see what breaks" approach.

But once you know what permissions your code needs to run, instead of passing -A all the time, construct a task in deno.json and just call that. This should remove any tediousness you're experiencing.
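As an added illustration of the task approach (constructed here, not from the issue or the Deno project), the deno.json below keeps the convenient `-A` task beside a scoped one; the host, path and variable names are assumptions standing in for whatever the script actually turned out to need:

```json
{
  "tasks": {
    "dev-unsafe": "deno run -A main.ts",
    "start": "deno run --allow-net=api.example.com:443 --allow-read=./data --allow-write=./data/cache --allow-env=API_TOKEN main.ts",
    "start-readonly": "deno run --allow-net=api.example.com:443 --allow-read=./data --deny-write --allow-env=API_TOKEN main.ts"
  }
}
```

`deno task start` then runs with only the listed grants, and a dependency that reaches for anything else fails at the permission check instead of silently succeeding as it would under `-A`.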

@uncomfyhalomacro
Contributor

From my understanding, the permission control is used to let you identify what potential attack vectors your project has based on the prompts that were asked. For example, if it requires network access, you might want to harden and create a firewall and only allow a specific port. Another thing would be read and write access. If a project has too broad a scope to have read and write access on your local system, you might want to isolate it further in a sandbox, container or VM so it won't touch your host system.

Disclaimer: Not a security person. Just some thoughts and comments about it.

@dsherret
Member

This issue report is a bit too broad to track. Please open specific issues with specific suggestions.

Probably allowing permissions in the config file will make things easier #12763 (though the design of that still needs to be worked out as it might lead to accidental privilege escalation, which suggestions like #26372 might solve)
