We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
child_process.fork('', [], { execArgv: [ '--experimental-permission', '-e', 'process.send({ cmd: "NODE_*" });', ] });
Will this api be a security problem in any case to cause parent process work wrong?
The text was updated successfully, but these errors were encountered:
No. The process.send() method is used to send messages via IPC, it can be a problem if you eval the message in the parent process.
process.send()
eval
Sorry, something went wrong.
@RafaelGSS the docs says cmd property with string value which start with NODE_ is for internal use:
cmd
NODE_
https://github.com/nodejs/node/blame/1858341377c268c5ffce9345517dc07b0e6c240a/doc/api/child_process.md#L1536
Yes, but it wouldn't trigger any fs call. Also, if the parent process was created using the experimental permission, it should be ok.
No branches or pull requests
Will this api be a security problem in any case to cause parent process work wrong?
The text was updated successfully, but these errors were encountered: