fix: prevent node mode to be used as script runner by other apps (#40579)
This commit is contained in:
Cheng Zhao
GitHub
parent
9aa73abe78
commit
cb0da6ff34
8 changed files with 301 additions and 88 deletions
|
|
@ -13,6 +13,7 @@
|
|||
#include "base/base_switches.h"
|
||||
#include "base/command_line.h"
|
||||
#include "base/containers/fixed_flat_set.h"
|
||||
#include "base/environment.h"
|
||||
#include "base/feature_list.h"
|
||||
#include "base/strings/string_util.h"
|
||||
#include "base/strings/utf_string_conversions.h"
|
||||
|
|
@ -20,6 +21,7 @@
|
|||
#include "base/task/thread_pool/thread_pool_instance.h"
|
||||
#include "content/public/common/content_switches.h"
|
||||
#include "electron/electron_version.h"
|
||||
#include "electron/fuses.h"
|
||||
#include "gin/array_buffer.h"
|
||||
#include "gin/public/isolate_holder.h"
|
||||
#include "gin/v8_initializer.h"
|
||||
|
|
@ -35,13 +37,16 @@
|
|||
#endif
|
||||
|
||||
#if BUILDFLAG(IS_LINUX)
|
||||
#include "base/environment.h"
|
||||
#include "base/posix/global_descriptors.h"
|
||||
#include "base/strings/string_number_conversions.h"
|
||||
#include "components/crash/core/app/crash_switches.h" // nogncheck
|
||||
#include "content/public/common/content_descriptors.h"
|
||||
#endif
|
||||
|
||||
#if BUILDFLAG(IS_MAC)
|
||||
#include "shell/common/mac/codesign_util.h"
|
||||
#endif
|
||||
|
||||
#if !IS_MAS_BUILD()
|
||||
#include "components/crash/core/app/crashpad.h" // nogncheck
|
||||
#include "shell/app/electron_crash_reporter_client.h"
|
||||
|
|
@ -100,12 +105,36 @@ int NodeMain(int argc, char* argv[]) {
|
|||
exit(1);
|
||||
}
|
||||
|
||||
auto os_env = base::Environment::Create();
|
||||
bool node_options_enabled = electron::fuses::IsNodeOptionsEnabled();
|
||||
#if BUILDFLAG(IS_MAC)
|
||||
if (node_options_enabled && os_env->HasVar("NODE_OPTIONS")) {
|
||||
// On macOS, it is forbidden to run sandboxed app with custom arguments
|
||||
// from another app, i.e. args are discarded in following call:
|
||||
// exec("Sandboxed.app", ["--custom-args-will-be-discarded"])
|
||||
// However it is possible to bypass the restriction by abusing the node mode
|
||||
// of Electron apps:
|
||||
// exec("Electron.app", {env: {ELECTRON_RUN_AS_NODE: "1",
|
||||
// NODE_OPTIONS: "--require 'bad.js'"}})
|
||||
// To prevent Electron apps from being used to work around macOS security
|
||||
// restrictions, when NODE_OPTIONS is passed it will be checked whether
|
||||
// this process is invoked by its own app.
|
||||
if (!ProcessBelongToCurrentApp(getppid())) {
|
||||
LOG(ERROR) << "NODE_OPTIONS is disabled because this process is invoked "
|
||||
"by other apps.";
|
||||
node_options_enabled = false;
|
||||
}
|
||||
}
|
||||
#endif // BUILDFLAG(IS_MAC)
|
||||
if (!node_options_enabled) {
|
||||
os_env->UnSetVar("NODE_OPTIONS");
|
||||
}
|
||||
|
||||
#if BUILDFLAG(IS_WIN)
|
||||
v8_crashpad_support::SetUp();
|
||||
#endif
|
||||
|
||||
#if BUILDFLAG(IS_LINUX)
|
||||
auto os_env = base::Environment::Create();
|
||||
std::string fd_string, pid_string;
|
||||
if (os_env->GetVar("CRASHDUMP_SIGNAL_FD", &fd_string) &&
|
||||
os_env->GetVar("CRASHPAD_HANDLER_PID", &pid_string)) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue