Deno: `--allow-read` allows writes to Unix sockets
Deno.connect({ transport: "unix", path: "/path/to/socket" }) only requires --allow-read=/path/to/socket, yet allows you to write to the socket. On typical Linux systems, that means deno run --unstable --allow-read foo.ts could connect to the DBus socket and potentially run arbitrary commands, depending on what services are running.
Note: transport: "unix" is only available with --unstable right now.
Here's a proof-of-concept script that should produce a little notification like this with deno run --unstable --allow-read dbus-notify.ts on a typical Linux system with systemd and a user ID of 1000.
solson
👍2
👀1
>All comments
Related: DatagramConn#send() seems like it should be checking for write (not read) permission.
diff --git a/cli/ops/net.rs b/cli/ops/net.rs
index 2be65e1e..7a2c062f 100644
--- a/cli/ops/net.rs
+++ b/cli/ops/net.rs
@@ -224,17 +224,17 @@ async fn op_datagram_send(
SendArgs {
rid,
transport,
transport_args: ArgsEnum::Unix(args),
} if transport == "unixpacket" => {
let address_path = Path::new(&args.path);
{
let s = state.borrow();
- s.borrow::<Permissions>().check_read(&address_path)?;
+ s.borrow::<Permissions>().check_write(&address_path)?;
}
let mut state = state.borrow_mut();
let resource = state
.resource_table
.get_mut::<net_unix::UnixDatagramResource>(rid as u32)
.ok_or_else(|| {
custom_error("NotConnected", "Socket has been closed")
})?;
bnoordhuis
on 5 Oct 2020
👍4
Was this page helpful?
0 / 5 - 0 ratings
Related issues
kyeotic
路
3Comments
doutchnugget
路
3Comments
ry
路
3Comments
sh7dm
路
3Comments
ry
路
3Comments
Most helpful comment
Related:
DatagramConn#send()seems like it should be checking for write (not read) permission.