sigmaSd
commented
1 year ago I understand by reading env you can read api keys, but is a there a theoretical risk about writing an env ?
Open tmcw opened 1 year ago
sigmaSd
commented
1 year ago I understand by reading env you can read api keys, but is a there a theoretical risk about writing an env ?
tmcw
commented
1 year ago I think so - for example, a script could write to PATH and change what you run when you run a command like ls.
Deno's
Commandinterface provides a nice way to clear the environment variables exposed to a child process -clearEnv. But a child process can still write to the environment if given--allow-env. It'd be nice to have a middle ground in which a process can read environment variables (which would allow for much broader npm module compatibility) but not write them.Could there be something like
--allow-env-readto make this permission more fine-tuned?