How safe is the Deno sandbox? Can i execute arbitrary code in a subprocess?

[firstdorsal]

I am creating a subprocess like this

// create subprocess
    const evalPolicy = Deno.run({
        cmd: ["deno", "run", "./run.ts", JSON.stringify(input)],
        stdout: "piped",
        stderr: "piped"
    });

and let it execute the arbitrary code in the file run.ts

I see that it has access to the global Deno object what sure could extract some parameters like

...
version: { deno: "1.17.0", v8: "9.7.106.15", typescript: "4.5.2" },
  build: {
    target: "x86_64-unknown-linux-gnu",
    arch: "x86_64",
    os: "linux",
    vendor: "unknown",
    env: "gnu"
  }
...

Is this safe?
Is it possible to mitigate the use of the Deno object?
Is there a better alternative to this?
The code will be sent via an HTTP endpoint. My concern is not RCE as it runs in docker anyway but more about the manipulation of consecutive requests.

Thank you and all the best
Paul

[bartlomieju]

Allowing subprocesses with --allow-run flag effectively disables the sandbox, as subprocess can do whatever they want. There is a proposal to add a dedicated API for spawning Deno subprocesses that would still allow to preserve the sandbox, see #13041

[firstdorsal]

Thank you for the quick response!
I dont fully understand it: I tried and found that I cannot execute anything from within my deno subprocess:

console.log(Deno.run({ cmd: ['touch xd.txt']}));

returns

PermissionDenied: Requires run access to \"touch xd.txt\", run again with the --allow-run flag\n

To clarify:
I am spawning a deno process without permissions from a deno process with run permissions

[bartlomieju]

Sorry I misunderstood then. If you spawn subprocesses in your trusted code, and you spawn a Deno subprocess with no permissions then it is effectively fully sandboxed. If you want to disable access to Deno global you will need to run a bit of code yourself to do that (globalThis.Deno = undefined); then the executed code won't be able to access any of the Deno APIs.

[firstdorsal]

awesome! thank you!

[firstdorsal]

this is returning an error:

Uncaught TypeError: Cannot assign to read only property 'Deno' of object

[bartlomieju]

It should be delete globalThis.Deno;

[firstdorsal]

works like a charm, thank you!

[Soremwar]

It should work using the following

//main_program.ts
// deno run --allow-run=deno main_program.ts // Allow run must come before the program name
const process = Deno.run({ cmd: ['deno', 'run', 'your_untrusted_code.ts']}); // Every part of the subcommand must be separated by comma
console.log(await process.status());