
child_process: fix permission model propagation via NODE_OPTIONS#63972

Merged
nodejs-github-bot merged 1 commit into nodejs:main from mcollina:fix-permission-propagate-substring-check-public on Jul 2, 2026

Conversation

@mcollina

Member

Description

Fix a bug in copyPermissionModelFlagsToEnv where the substring check env[key].indexOf('--permission') !== -1 falsely treats unrelated NODE_OPTIONS values like --title=--permission as if the child already has an explicit Permission Model policy. This prevents flag propagation, causing the child to run without process.permission.

Fix

Replace the substring check with a helper hasPermissionFlagInEnv() that tokenizes NODE_OPTIONS and checks for exact --permission / --permission-audit tokens.

Tests

Adds regression tests for:

  • NODE_OPTIONS=--title=--permission
  • NODE_OPTIONS=--conditions=--permission
  • NODE_OPTIONS=--trace-event-categories=--permission
  • NODE_OPTIONS=--title=--permission-audit

@nodejs-github-bot

Collaborator

Review requested:

  • @nodejs/security-wg

@mcollina mcollina requested a review from RafaelGSS June 18, 2026 09:10
@nodejs-github-bot nodejs-github-bot added child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run. labels Jun 18, 2026
@mcollina mcollina force-pushed the fix-permission-propagate-substring-check-public branch from 32feff9 to b0ebfb1 Compare June 18, 2026 09:17
The substring check env[key].indexOf(--permission) !== -1 in
copyPermissionModelFlagsToEnv falsely treats unrelated NODE_OPTIONS
values like --title=--permission as if the child already has an
explicit Permission Model policy. This prevents flag propagation,
causing the child to run without process.permission.

Signed-off-by: Matteo Collina <hello@matteocollina.com>
@mcollina mcollina force-pushed the fix-permission-propagate-substring-check-public branch from b0ebfb1 to 63c2e47 Compare July 1, 2026 06:28
@mcollina mcollina added the request-ci Add this label to start a Jenkins CI on a PR. label Jul 1, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jul 1, 2026
@nodejs-github-bot

Collaborator

@mcollina mcollina added semver-minor PRs that contain new features and should be released in the next minor version. commit-queue Add this label to land a pull request using GitHub Actions. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed needs-ci PRs that need a full CI run. semver-minor PRs that contain new features and should be released in the next minor version. labels Jul 2, 2026
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jul 2, 2026
@nodejs-github-bot nodejs-github-bot merged commit 5922197 into nodejs:main Jul 2, 2026
76 checks passed
@nodejs-github-bot

Collaborator

Landed in 5922197
