child_process: fix permission model propagation via NODE_OPTIONS #63972

Open
mcollina wants to merge 1 commit into nodejs:main from mcollina:fix-permission-propagate-substring-check-public

@mcollina

Member

Description

Fix a bug in copyPermissionModelFlagsToEnv where the substring check env[key].indexOf('--permission') !== -1 falsely treats unrelated NODE_OPTIONS values like --title=--permission as if the child already has an explicit Permission Model policy. This prevents flag propagation, causing the child to run without process.permission.

Fix

Replace the substring check with a helper hasPermissionFlagInEnv() that tokenizes NODE_OPTIONS and checks for exact --permission / --permission-audit tokens.

Tests

Adds regression tests for:

  • NODE_OPTIONS=--title=--permission
  • NODE_OPTIONS=--conditions=--permission
  • NODE_OPTIONS=--trace-event-categories=--permission
  • NODE_OPTIONS=--title=--permission-audit
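
The difference between the substring check and an exact-token check, as an added example that is not part of the PR or of Node.js's own code. The function names and the simplified tokenizer (whitespace separates options, double quotes group a value) are assumptions, and the sample NODE_OPTIONS values are constructed from the regression cases listed above.

```javascript
'use strict';
// Hypothetical names; this is not the code from the PR or from Node.js.
const PERMISSION_FLAGS = new Set(['--permission', '--permission-audit']);

// The check described as buggy: any occurrence of the substring counts.
function substringCheck(nodeOptions) {
  return nodeOptions.indexOf('--permission') !== -1;
}

// Simplified tokenizer (assumption): whitespace separates options and
// double quotes group a value that contains spaces.
function tokenize(nodeOptions) {
  const tokens = [];
  let current = '';
  let started = false;
  let inQuotes = false;
  for (const ch of nodeOptions) {
    if (ch === '"') {
      inQuotes = !inQuotes;
      started = true;
    } else if (!inQuotes && /\s/.test(ch)) {
      if (started) tokens.push(current);
      current = '';
      started = false;
    } else {
      current += ch;
      started = true;
    }
  }
  if (started) tokens.push(current);
  return tokens;
}

// Exact-token check: only a whole token equal to a permission flag counts.
function tokenCheck(nodeOptions) {
  return tokenize(nodeOptions).some((t) => PERMISSION_FLAGS.has(t));
}

// Constructed inputs: the four regression cases, then two values that
// really do carry a permission flag.
const SAMPLES = [
  '--title=--permission', '--conditions=--permission',
  '--trace-event-categories=--permission', '--title=--permission-audit',
  '--permission --allow-fs-read=*', '--max-old-space-size=4096 --permission-audit',
];
function compare() {
  return SAMPLES.map((value) => (
    { value, substring: substringCheck(value), token: tokenCheck(value) }));
}
console.table(compare());
```

For the first four rows the substring column is true while the token column is false, which is the mismatch that would stop the parent's flags from being copied to the child.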

@nodejs-github-bot

Collaborator

Review requested:

  • @nodejs/security-wg

mcollina requested a review from RafaelGSS June 18, 2026 09:10
nodejs-github-bot added the child_process and needs-ci labels Jun 18, 2026
mcollina force-pushed the fix-permission-propagate-substring-check-public branch from 32feff9 to b0ebfb1 June 18, 2026 09:17
The substring check env[key].indexOf(--permission) !== -1 in
copyPermissionModelFlagsToEnv falsely treats unrelated NODE_OPTIONS
values like --title=--permission as if the child already has an
explicit Permission Model policy. This prevents flag propagation,
causing the child to run without process.permission.

Signed-off-by: Matteo Collina <hello@matteocollina.com>
mcollina force-pushed the fix-permission-propagate-substring-check-public branch from b0ebfb1 to 63c2e47 July 1, 2026 06:28

Labels

child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run.

4 participants