我的书签
添加书签
移除书签For the following example has been granted read-only access to the file system. It cannot write to the file system, or perform any other security sensitive functions.
The following permissions are available:
- —allow-env=\
- —allow-hrtime Allow high-resolution time measurement. High-resolution time can be used in timing attacks and fingerprinting.
- —allow-net=\
- —allow-ffi Allow loading of dynamic libraries. Be aware that dynamic libraries are not run in a sandbox and therefore do not have the same security restrictions as the Deno process. Therefore, use with caution. Please note that —allow-ffi is an unstable feature.
- —allow-read=\
- —allow-write=\
- -A, —allow-all Allow all permissions. This enables all security sensitive functions. Use with caution.
Some permissions allow you to grant access to a specific list of entities (files, servers, etc) rather than to everything.
File system access
This example restricts file system access by allowing read-only access to the
/usr directory. In consequence the execution fails as the process was
attempting to read a file in the /etc directory:
$ deno run --allow-read=/usr https://deno.land/std@$STD_VERSION/examples/cat.ts /etc/passwderror: Uncaught PermissionDenied: read access to "/etc/passwd", run again with the --allow-read flag► $deno$/dispatch_json.ts:40:11at DenoError ($deno$/errors.ts:20:5)...
deno run --allow-read=/etc https://deno.land/std@$STD_VERSION/examples/cat.ts /etc/passwd
--allow-write works the same as --allow-read.
Network access
This is an example of how to allow network access to specific hostnames or ip addresses, optionally locked to a specified port:
# Multiple hostnames, all ports alloweddeno run --allow-net=github.com,deno.land fetch.js# A hostname at port 80:# An ipv4 address on port 443deno run --allow-net=1.1.1.1:443 fetch.js# A ipv6 address, all ports alloweddeno run --allow-net=[2606:4700:4700::1111] fetch.js
If tries to establish network connections to any hostname or IP not explicitly allowed, the relevant call will throw an exception.
deno run --allow-net fetch.js
Environment variables
This is an example of how to allow access to environment variables:
# Allow all environment variablesdeno run --allow-env env.js# Allow access to only the HOME env vardeno run --allow-env=HOME env.js
Note for Windows users: environment variables are case insensitive on Windows, so Deno also matches them case insensitively (on Windows only).
Subprocess permissions
Subprocesses are very powerful, and can be a little scary: they access system
resources irregardless of the permissions you granted to the Deno process that
spawns them. The cat program on unix systems can be used to read files from
disk. If you start this program through the Deno.run API it will be able to
read files from disk even if the parent Deno process can not read the files
directly. This is often referred to as privilege escalation.
Because of this, make sure you carefully consider if you want to grant a program
--allow-run access: it essentially invalidates the Deno security sandbox. If
you really need to spawn a specific executable, you can reduce the risk by
limiting which programs a Deno process can start by passing specific executable
names to the --allow-run flag.
const proc = Deno.run({ cmd: ["whoami"] });
Permission flags were explained by Ryan Dahl in his 2020 talk about the Deno security model at Speakeasy JS:
