Deno read access to CWD - deno

How can I allow read access to CWD (current working directory) used by Deno.cwd()?
I want explicit permission only for CWD. I don't want to allow every read with plain --allow-read flag.
I've tried to pass CWD as a parameter but it doesn't work.
deno run --allow-read=CWD index.ts
Uncaught PermissionDenied: read access to <CWD>, run again with the --allow-read flag
Index.ts is just:
console.log(Deno.cwd());
I am using deno 1.2.0.

deno run --allow-read=./ index.ts
The relative route ./ will allow you to access everything inside the folder in which index.ts is located. Best practices, however, are to use more fine-grained/specific permissions.
As pointed out before https://deno.land/manual/getting_started/permissions#permissions-allow-list

That actually depends on the OS you are using.
In Windows, you can use
deno run --allow-read=%cd% index.ts
In Ubuntu bash
deno run --allow-read=$PWD index.ts

Related

How can I have Deno's std http file_server watch files?

I'm running an example file-server with a simple index.html file, I want the script to re-run when changes are made within the directory, how can I do that?
deno run --allow-net --allow-read --watch https://deno.land/std@0.157.0/http/file_server.ts ./
You can provide one or more path values for the watch argument when using deno run in order to watch additional files outside the module graph. For example, use
deno run --watch=. module.ts
to watch all files recursively in the current working directory.
You can use the deno help command to get information about the command you want to use (in this case run). This is how I answered your question:
% deno --version
deno 1.26.2 (release, x86_64-apple-darwin)
v8 10.7.193.16
typescript 4.8.3
% deno help run
---snip---
USAGE:
deno run [OPTIONS] <SCRIPT_ARG>...
ARGS:
<SCRIPT_ARG>...
Script arg
OPTIONS:
---snip---
--watch[=<FILES>...]
Watch for file changes and restart process automatically.
Local files from entry point module graph are watched by default.
Additional paths might be watched by passing them as arguments to
this flag.
However in the case of the static file server module that you asked about, there's no real benefit to reloading the server process as it just serves static files: any time you request a static file, you always get the latest version.
Perhaps you're looking for "hot/live reload" behavior in the browser client. This is a different pattern: a coordinated effort between the JavaScript in the page and the server — and that’s not something that’s supported by the module you asked about.

How to comfortably work with paths that are relative to the working directory in Deno?

My original motivation was to run a Deno script from Crontab on Ubuntu.
First I did not know that paths are relative to the working directory, not the executing module.
My script was reading and writing files to a disk, so I got errors like
error: Uncaught NotFound: No such file or directory (os error 2)
It was pointed out to me that this problem can be solved with import.meta.url.
I modified the path to resolve it from import.meta.url and this solution worked fine with read/write operations.
But I encountered another problem with .env file.
It was a surprise to me that even the dotenv module uses paths relative to the working directory.
The dotenv module has the option to specify the path with config({path:___}), but I think it is too much to overwrite the default location.
Eventually, changing the working directory to the script's root directory before running the script in crontab was a simpler solution.
* * * * * cd ____; deno run ___
But I still have doubts if this is the most efficient way.
Is there something better than changing a directory in such cases?
It would be nice to have a mode when running deno, which would make paths relative to the executing module excluding modules which are imported with URLs.
I think you're looking for Deno.mainModule, which is a reference to the file URL of the entrypoint module you passed to deno. You can use it with the deno.land/std/path module to get the directory of the entrypoint for your program, and then use Deno.chdir() to change your current working directory so that all relative paths (which are implicitly relative to Deno.cwd()) are then relative to that directory.
/repo/relative-path.ts:
import * as path from 'https://deno.land/std@0.102.0/path/mod.ts';
export {path};
export const mainModuleDir = path.dirname(path.fromFileUrl(Deno.mainModule));
/repo/main.ts:
import {mainModuleDir, path} from './relative-path.ts';
Deno.chdir(mainModuleDir);
const entrypointRelativePath = path.resolve('hello', 'world.json');
console.log(entrypointRelativePath);
Then, run your script:
$ cd /different/unrelated/path
$ deno run --allow-read /repo/main.ts
/repo/hello/world.json
You can use mainModuleDir as a base for any entrypoint-relative paths you need.

SUID exploit and patch

I am working on a SUID root binary 'app' that runs a system("ls -la /dir") command and managed to exploit it by writing a malicious ls to get root and changing my user's environment path to set it to higher priority than the kernel's one.
I noticed that executing it as user returns me a root shell while executing it with sudo "./example" uses root's path and simply lists the files in dir. As far as I know setuid inherits owner's (in this case root) privileges to user and sudo executes as root.
What are such vulnerabilities called? How would an app developer patch it? Is there any way I can force users to use sudo ./app to execute a program?
I recommend you change app to use an absolute path for the commands it runs. For example:
system("/bin/ls -la /dir");
Even if the users use the sudo command to execute it, there are sudo arguments they can use (--preserve-env) to preserve their own PATH.
If you want the users to run app using sudo, then there's no need for the binary to be SUID root.
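The absolute-path fix from the answer above, taken one step further as an added example (not code from the original question or answer): the system() call from the question next to a version that skips the shell and passes a fixed environment, so the caller's PATH is never consulted. The function names, the SAFE_ENV values and the /bin/ls location are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed fixed environment for the child: nothing is inherited from the caller. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* Pattern from the question: system() runs "sh -c", and the shell resolves
 * the bare name "ls" through whatever PATH the invoking user has set. */
int list_dir_vulnerable(void) {
    return system("ls -la /dir");
}

/* Hardened form: absolute path, no shell, fixed environment.
 * Returns the child's exit status, or -1 if fork/wait fails. */
int list_dir_hardened(const char *dir) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "--" stops option parsing, so dir is always treated as a path. */
        char *const argv[] = { "ls", "-la", "--", (char *)dir, NULL };
        execve("/bin/ls", argv, SAFE_ENV);
        _exit(127);                      /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Sets an unusable PATH (constructed value) in this process, then runs the
 * hardened listing to show that its result does not depend on PATH. */
int list_with_untrusted_path(const char *dir) {
    setenv("PATH", "/nonexistent/bin", 1);
    return list_dir_hardened(dir);
}

int main(void) {
    int rc = list_with_untrusted_path("/");
    printf("hardened listing exit status: %d\n", rc);
    return rc;
}
```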

Clean Yeoman install results in a Grunt error

I am running grunt server after a clean install of Yeoman, using the Webapp generator and I get the following error:
Warning: Errno::ENOENT on line 441 of /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/pathname.rb: No such file or directory - /Users/nfento/Sites/test/app/bower_components
Run with --trace to see the full backtrace Use --force to continue.
Any idea what would be causing this? I have been able to reproduce the error on two machines. I'm completely new to using grunt, but have used it as a server with livereload previously.
Maybe it's a bit late, but:
check if you have an app/bower_components folder
if not, check if there is a bower_components folder in the root
if it exists, move it into the /app folder
create a file .bowerrc and paste this in:
{"directory": "app/bower_components"}

Implementing a selected unix path for a specific application (e.g. pytest)

I have two versions of pytest installed, one locally in a directory in my home directory, and one that is installed in /usr/local/bin.
The version of pytest installed in the /usr/local/bin is 2.2.4 and I don't have sudo rights to upgrade it to the newer version, 2.3.4, but need some tests to run with 2.3.4.
Is there a way to redirect the path so that it always uses the pytest in my home directory over the pytest in the /usr/local/bin directory when I invoke pytest?
Because there is a need to run many tests, it would be more convenient to have a shortcut!
You should add a directory to your $PATH that contains the copy of pytest you would like to use. For example, place pytest in ~/bin and add ~/bin (or $HOME/bin) to your path:
PATH="$HOME/bin:$PATH"
export PATH
As indicated, place the new directory at the front of the path so that your copy of pytest (and whatever else you put in ~/bin) will be found first.
Even better, put those two lines into ~/.profile so that your $PATH will be updated every time you log in.
