Conversation

Notices

1. Embed this notice
   Deno (deno_land@fosstodon.org)'s status on Saturday, 05-Aug-2023 02:06:43 JST Deno

   #Deno 1.36 introduces more flexible security options with the new set of `--deny-*` flags:

   • Embed this notice
     Alex Gleason (alex@gleasonator.com)'s status on Saturday, 05-Aug-2023 02:06:49 JST Alex Gleason

     in reply to

     • Elaine
     @deno_land @elaine Interesting.
   • Embed this notice
     Deno (deno_land@fosstodon.org)'s status on Saturday, 05-Aug-2023 02:07:32 JST Deno

     in reply to

     Here's the set of new deny flags, which have higher precedence over allow flags:

     --deny-env=<VARIABLE_NAME>
     --deny-sys=<API_NAME>
     --deny-hrtime
     --allow-net=<IP/HOSTNAME>
     --deny-ffi=<PATH>
     --deny-read=<PATH>
     --deny-run=<PROGRAM_NAME>
     --deny-write=<PATH>

     Learn more here: https://deno.land/manual/basics/permissions

     Alex Gleason likes this.
   • Embed this notice
     Alex Gleason (alex@gleasonator.com)'s status on Saturday, 05-Aug-2023 02:09:33 JST Alex Gleason

     in reply to
     @deno_land Being able to specify a read/write path is where it's at.
   • Embed this notice
     Alex Gleason (alex@gleasonator.com)'s status on Saturday, 05-Aug-2023 02:13:43 JST Alex Gleason

     in reply to

     • Alex Gleason
     @deno_land Lol Deno would completely avoid the directory traversal attack from Pleroma this morning with this sandboxing configured
     victor likes this.