by CalmStorm 2212 days ago
Deno's sandbox security is somewhat similar to Mandatory Access Control (MAC) as implemented by SELinux and AppArmor. But it looks like it is not as fine-grained as MAC. In the example:

deno run --allow-net myWebserver.ts

With SELinux, one can specify the port range and network interface that the application is allowed to access. It also provides an audit log that can be examined by the admin. Maybe there is no need to reinvent the wheel but just use some form of MAC if you really care about security.


Am I wrong in thinking that this example specifically does not protect against the threat posed immediately preceding it? As in, one is running a script that foolishly imports a nefarious package that uploads tasty environmental variables to an evil server, which it can do when network access is not controlled. Well, what if myWebserver.ts imports that package? A more fine-grained approach that limited network access by source file might be valuable.
> A more fine-grained approach that limited network access by source file might be valuable.

This is what I think I'd like to see as well. The most common case isn't that I don't trust the program I'm running, it's that the level of trust for my dependencies plus their dependencies is essentially opaque.

That's my impression too (see my other comment).

Each package published to Deno could come with a set of declared permissions (similarly to Android apps).

When importing the package in a module, Deno should detect that the permissions scoped at the current module level are wider than what the package requires, and automatically narrow down the list of authorized calls.

This would probably be very costly. Suppose that I'm importing a function from lodash (that requires no permissions) and my module calls it repeatedly while also accessing the file system...

From the docs at https://deno.land/manual/getting_started/permissions:

> --allow-net=<allow-net> Allow network access. You can specify an optional, comma separated list of domains to provide a whitelist of allowed domains.

So it seems to allow for a bit more fine-grained configs than just opening up everything.
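As an added illustration of the two points raised in this thread (that a blanket --allow-net lets any transitive dependency reach any host, and that the comma-separated allowlist narrows that), here is a small JavaScript model of how such a host allowlist decides outbound requests. This is example code written for this page, not Deno's implementation; it assumes entries of the form host or host:port (a bare host matching any port), which goes beyond the "list of domains" wording quoted above, and the request samples are constructed.

```javascript
// Model of a `--allow-net=<list>` host allowlist (added example, not Deno's code).
// ASSUMPTION: each entry is "host" or "host:port"; a bare host allows any port.
// IPv6 literals would have to be bracketed ("[::1]:8000") for this model.
function parseAllowNet(spec) {
  // An empty or absent list means the flag was given bare: all hosts allowed.
  if (spec === undefined || spec === "") return { all: true, entries: [] };
  const entries = spec
    .split(",")
    .map((s) => s.trim())
    .filter(Boolean)
    .map((entry) => {
      const idx = entry.lastIndexOf(":");
      if (idx > 0 && /^\d+$/.test(entry.slice(idx + 1))) {
        return { host: entry.slice(0, idx).toLowerCase(), port: Number(entry.slice(idx + 1)) };
      }
      return { host: entry.toLowerCase(), port: null };
    });
  return { all: false, entries };
}

// Decide a single outbound connection against the parsed policy.
// Note that the policy is per process: the module making the request
// (`from` below) plays no part, which is exactly the gap discussed above.
function isNetAllowed(policy, host, port) {
  if (policy.all) return true;
  const h = host.toLowerCase();
  return policy.entries.some((e) => e.host === h && (e.port === null || e.port === port));
}

// Constructed sample: connections a web server and two of its transitive
// dependencies might attempt. The second one is the "dependency phones home"
// case from the thread.
const SAMPLE_REQUESTS = [
  { from: "myWebserver.ts", host: "api.example.com", port: 443 },
  { from: "deps/helper.ts", host: "untrusted.example", port: 443 },
  { from: "deps/logger.ts", host: "api.example.com", port: 8080 },
];

// Evaluate every sample request under a given allowlist string.
function evaluate(spec, requests = SAMPLE_REQUESTS) {
  const policy = parseAllowNet(spec);
  return requests.map((r) => ({ ...r, allowed: isNetAllowed(policy, r.host, r.port) }));
}

// Bare flag: everything, including the dependency's upload, goes through.
console.log(evaluate(""));
// Host allowlist: the dependency's connection to untrusted.example is denied,
// but any module may still talk to api.example.com on any port.
console.log(evaluate("api.example.com"));
// Host:port entry narrows it further.
console.log(evaluate("api.example.com:443"));
```

Running it shows the three policies side by side: the bare flag allows all three requests, the domain allowlist blocks only the connection to the unlisted host, and the host:port entry additionally blocks the unexpected port. What none of them does is distinguish which source file initiated the connection, which is the per-module scoping the thread asks for.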