lib,permission: disable fchmod/fchown when pm enabled
RafaelGSS committed Jul 6, 2024
1 parent 5d9c811 commit 9357433
Showing 2 changed files with 43 additions and 0 deletions.
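--- a/lib/fs.js
+++ b/lib/fs.js
@@ -1873,6 +1873,11 @@ function fchmod(fd, mode, callback) {
 mode = parseFileMode(mode, 'mode');
 callback = makeCallback(callback);
 
+if (permission.isEnabled()) {
+callback(new ERR_ACCESS_DENIED('fchmod API is disabled when Permission Model is enabled.'));
+return;
+}
+
 const req = new FSReqCallback();
 req.oncomplete = callback;
 binding.fchmod(fd, mode, req);
@@ -1885,6 +1890,9 @@ function fchmod(fd, mode, callback) {
 * @returns {void}
 */
 function fchmodSync(fd, mode) {
+if (permission.isEnabled()) {
+throw new ERR_ACCESS_DENIED('fchmod API is disabled when Permission Model is enabled.');
+}
 binding.fchmod(
 fd,
 parseFileMode(mode, 'mode'),
@@ -2010,6 +2018,10 @@ function fchown(fd, uid, gid, callback) {
 validateInteger(uid, 'uid', -1, kMaxUserId);
 validateInteger(gid, 'gid', -1, kMaxUserId);
 callback = makeCallback(callback);
+if (permission.isEnabled()) {
+callback(new ERR_ACCESS_DENIED('fchown API is disabled when Permission Model is enabled.'));
+return;
+}
 
 const req = new FSReqCallback();
 req.oncomplete = callback;
@@ -2026,6 +2038,9 @@ function fchown(fd, uid, gid, callback) {
 function fchownSync(fd, uid, gid) {
 validateInteger(uid, 'uid', -1, kMaxUserId);
 validateInteger(gid, 'gid', -1, kMaxUserId);
+if (permission.isEnabled()) {
+throw new ERR_ACCESS_DENIED('fchown API is disabled when Permission Model is enabled.');
+}
 
 binding.fchown(fd, uid, gid);
 }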
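Review bot: The new `permission.isEnabled()` guards sit only in the four JS wrappers in lib/fs.js, while `binding.fchmod` and `binding.fchown` themselves stay ungated in what this commit shows; any other caller of those bindings (for example the promise-based `FileHandle` `chmod`/`chown` path, if it reaches the same binding) would need the same check, and since only two files change here that is worth confirming. In the callback variants `fchmod` and `fchown`, `callback(new ERR_ACCESS_DENIED(...))` runs synchronously inside the call; deferring it, e.g. `process.nextTick(callback, new ERR_ACCESS_DENIED('fchmod API is disabled when Permission Model is enabled.'));`, keeps the callback consistently asynchronous. The guard runs after argument validation in `fchmod`, `fchown` and `fchownSync` but before `parseFileMode` in `fchmodSync`, so a bad mode produces a different error in the sync and callback forms; a short comment stating the intended order would help. Only `fchownSync` is fully visible; the other three bodies start or end outside their hunks.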
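--- a/test/fixtures/permission/fs-write.js
+++ b/test/fixtures/permission/fs-write.js
@@ -462,4 +462,32 @@ const relativeProtectedFolder = process.env.RELATIVEBLOCKEDFOLDER;
 permission: 'FileSystemWrite',
 resource: path.toNamespacedPath(blockedFile),
 });
+}
+
+// fs.fchown with read-only fd
+{
+assert.throws(() => {
+// blocked file is allowed to read
+const fd = fs.openSync(blockedFile, 'r');
+fs.fchmod(fd, 777, common.expectsError({
+code: 'ERR_ACCESS_DENIED',
+}));
+fs.fchmodSync(fd, 777);
+}, {
+code: 'ERR_ACCESS_DENIED',
+});
+}
+
+// fs.fchmod with read-only fd
+{
+assert.throws(() => {
+// blocked file is allowed to read
+const fd = fs.openSync(blockedFile, 'r');
+fs.fchown(fd, 999, 999, common.expectsError({
+code: 'ERR_ACCESS_DENIED',
+}));
+fs.fchownSync(fd, 999, 999);
+}, {
+code: 'ERR_ACCESS_DENIED',
+});
 }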
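Review bot: The two block comments are swapped: the block headed `// fs.fchown with read-only fd` exercises `fs.fchmod`/`fs.fchmodSync`, and the one headed `// fs.fchmod with read-only fd` exercises `fs.fchown`/`fs.fchownSync`, so the headings should be exchanged. The mode is written as decimal `777` rather than octal `0o777`; it does not change the denial being asserted, but it reads as a mistake. Each block leaves the descriptor from `fs.openSync(blockedFile, 'r')` open because the throwing sync call ends the arrow function; opening it outside `assert.throws` and calling `fs.closeSync(fd)` afterwards would avoid the leak. Because the callback-form call and the sync call share one `assert.throws`, a synchronous throw from the first would end the function before the second runs, so separate assertions would pin each API on its own.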
