Permission meta-data manifest file #3675
Comments
|
Relevant wasmtime/WASI issues with an interesting discussion on the permission granularity:
It may be useful to keep track of where WASI is going in regards to the permissions granularity and how to define them as sets etc. |
|
Not a fan of having a seperate "manifest" file that sets things like permissions. /**
* @file template.ts
* @description Templates YAML and applies Terraform as required.
* @copyright 2020 Brandon Kalinowski
* @license MIT
* @permissions --allow-read
* @lockfile ./lock.json
*/Or make it an API: /**
* @file template.ts
* @description Templates YAML and applies Terraform as required.
* @copyright 2020 Brandon Kalinowski
* @license MIT
*/
Deno.requirePermissions({ ... })I prefer the former because it can be statically determined without execution. It's also quite a nice DX for the user:
The CLI can easily do something similar.
I'd like to avoid crawling the filesystem for config files as much as possible. |
|
I like @brandonkal's suggestion. But what about modules with multiple exports and each one has different permission requirements? Here's an imaginary YAML permissions example for a module repo: deps.ts:
export:
readFileStr:
read: true
writeFileStr:
write: true
mod.ts:
export:
readText:
read: true
writeText:
write: true
test.ts:
script:
net:
- github.com
- deno.land
read: true
write: truewhere each script can have two keys
Note: It's just an imaginary idea to use as an example. I'm not suggesting this format or YAML format.
I agree with this, and I wonder if there's a way to accomodate more explicit and granular permission requirements without a permissions config file. |
I don't think this is a good argument since you can put your command, including all switches, into a shell script, batch file, Makefile or similar executable file in order for them to be "inspectable". |
The problem with that is that it's not a single, cross-platform format. There have been efforts to help with this. Ref: https://github.com/BentoumiTech/denox |
|
There's already a ton of cross-platform task runners. Makefiles are cross-platform, too, by the way. Frankly, I don't think that YAML... scripts:
start:
file: main.ts
deno_options:
allow-net: example.com...is any better than Make. start:
deno run --allow-net=example.com main.ts In fact, YAML is far less powerful as far as the language is concerned (no variables, control-flow, etc.)... And, at least to me, in this case, it kind of obfuscates the commands that will be executed. That being said, I'm not against improved permissions nor manifest files. I just don't think that "inspectability" is a good argument for creating a meta data file in this case. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
|
Not stale |
|
I just wanted to drop by and say that this was one of the first things that bothered me when I tried to switch a project over to Deno, and I was surprised that a solution wasn't already baked-in to the CLI for this. Responding to:
While I totally get that I could put a Deno command-line into a Makefile or a shell-script, it's somewhat important (to me, at least) that whatever the solution is, that it work out-of-the-box without other tools. It's also not always going to be clear what permissions are going to be, or how they are applied across projects if that were the case. As an example, in Node we might not like using Personally, I like the API approach (the standard request/query permissions API that just recently came out could help with this use a lot), and I also like the manifest approach (A Deno project.toml file? YAML? Something like that). I think those are both good options. |
Once in a while a proposal for permissions file for Deno is suggested.
Sometimes it's strictly for permissions like here and sometimes it's more general like the comprehensive meta-data file in #3179.
This issue is to track info about similar systems if the idea of permission files come up in the future.
(For running complex Deno applications in the future it may be useful to be able to have single file that can be inspected and used instead of multiple command-line switches. Also, a similar format to express by the program the need for permissions to avoid issues described in #3655 would be useful and it might use a format similar to that for granting the permissions by the user.)
There are some existing systems that use JSON or YAML files with the same purpose, some use command-line switches. Maybe some of those solutions can serve as an inspiration for Deno (mainly how the permissions are defined, but maybe also how they work).
CloudABI - https://cloudabi.org/
A capability-based runtime environment for running untrusted native code without containers.
Supports C, C++, Python, Rust (Node.js coming soon - could it support Deno too?)
It uses YAML files to define permissions.
See:
https://github.com/NuxiNL/cloudabi#capability-based-security
Fuchsia - https://fuchsia.dev/
https://en.wikipedia.org/wiki/Google_Fuchsia
An operating system based on capabilities.
It uses JSON files to define permissions in component manifests
(CML - component manifest language - with a JSON Schema)
See:
https://fuchsia.dev/fuchsia-src/concepts/components/capabilities
https://fuchsia.dev/fuchsia-src/concepts/components/component_manifests
WASI - https://wasi.dev/
The WebAssembly System Interface
Since Deno can run WebAssembly, it might me useful to look into it.
See:
https://github.com/bytecodealliance/wasmtime/blob/master/docs/WASI-capabilities.md
It doesn't define how to describe permissions, implementations like Wasmtime do, see below.
Wasmtime - https://wasmtime.dev/
A runtime for WASM with WASI support.
It uses command line switches like
--dir=.and--mapdir=/tmp::/var/tmpto give permissions to the executed program.See:
https://github.com/bytecodealliance/wasmtime/blob/master/docs/WASI-tutorial.md
Capsicum - https://www.cl.cam.ac.uk/research/security/capsicum/
an OS capability and sandbox framework for FreeBSD and Linux, extension to the POSIX API, it is quoted as one of the inspirations for WASI.
https://www.usenix.org/legacy/events/sec10/tech/full_papers/Watson.pdf
Related issues:
The text was updated successfully, but these errors were encountered: