Comment by dgellow a day ago

I've been playing around with deno over the past weeks. It's definitely an interesting project. However I do find the permission system to lack the granularity I would want. You quickly end up in a "all or nothing" state, where I would really like to instead differentiate between code I consider trusted and code I consider risky.

Still, pretty neat and I do see where I will use it in the future.

vlovich123 a day ago

> instead differentiate between code I consider trusted and code I consider risky.

You’re talking about trying to enforce privilege separation within a single process? For that you’d need capabilities at the language level, and even then I’m skeptical you can really lock things down successfully within a shared memory environment (yes, JS in theory is a VM, but there are so many VM escapes possible that running untrusted code in process seems futile).

  • dgellow 11 hours ago

    I think so, yes. I would like to be able to say "import that module in no-network mode", if that makes sense (or the opposite: default imports to no fs, no network permissions, then grant explicitly).

    • vlovich123 6 hours ago

      Yeah this is particularly a problem for JS where importing code also immediately executes it. But yeah, managing capabilities within a process boundary is inherently trickier than doing it at the process boundary where you can actually guarantee permissions cannot be obtained through subterfuge.