Investigate and improve permission prompting about dax HOT 9 OPEN

You scripts seems to have wrong permissions ?

I was just quickly typing this as an illustrative example, not as a copy-pasteable script. You are right, more perms are typically needed for any script being run by dax but I figured pointing out the possibility of defining the perms in this way could be helpful as a documentation item which may help a subset of needs. 👍

from dax.

There is an option in wasmbuild (which dax uses to build the wasm file) to do that: https://github.com/denoland/wasmbuild#cli-flags (--sync). I believe it is slower to load, but I should measure to see how much slower as maybe it's not a big deal.

from dax.

@NfNitLoop deno-embedder looks nice!

from dax.

Related to both this issue and #27, I have taken to using a shebang on executable files which lets each file declare its own permissions:

#!/usr/bin/env -S deno run --allow-env=HOME,PATH --allow-net=deno.land --allow-read=.

I think this could be another useful thing to include in docs (it's already in the Deno docs, which is where I got it from, e.g. https://deno.land/[email protected]/examples/hashbang).

Going this route lets you invoke child scripts that can have different permissions from the calling Deno process:

script-a.ts

#!/usr/bin/env -S deno run --allow-env=PWD --allow-read=.

import { $ } from 'https://deno.land/x/dax/mod.ts'

const scriptB =  $.path.join(Deno.env.get('PWD'), 'script-b.ts') // file with executable bit set

await $`${scriptB}`

script-b.ts

#!/usr/bin/env -S deno run --allow-env=HOME --allow-run=/bin/ls

import { $ } from 'https://deno.land/x/dax/mod.ts'

await $`ls -lah ${Deno.env.get('HOME')}`

Could be worth a mention 👍

from dax.

You scripts seems to have wrong permissions ?

• dax will always ask for -allow-env=all
• even if you pass --allow-run=bin, dax will stat many paths to search for that bin, so you have to give --allow-read=1,2,3, all the paths that dax search

I wonder if can any of the above be improved ?

The other permissions are:

• downloading and writing the wasm file if it doesn't exist so --allow-net=deno.land and --allow-write=.local/share../wasm
• and after the first usage, it becomes just --allow-read=wasmfile

from dax.

Once deno supports Wasm modules then we can get rid of needing to save and read the cache directory.

I think you can do this before Deno supports native WASM modules. I haven't used WASM much myself, but as I understand it you just feed bytes into WebAddembly.Module() (example)

So if you transform your .wasm file to something like base64_encoded_wasm.ts (or .js or .json), you can just

import wasmBytes from "./base64_encoded.wasm.ts"

This lets deno install or deno compile cache the file for you. And lets deno run fetch (and cache!) the file for you without needing --allow-net or --allow-write access.

Shameless plug: If you don't want to base64-encode the wasm file yourself, you could use deno-embedder, which I wrote to do just this kind of thing.

from dax.

As for cwd/HOME -- I'm not sure why dax needs to read those explicitly. For example, I can just run a Deno command without the --allow-env:

#!/usr/bin/env -S deno run --allow-run

const result = await new Deno.Command("env").output()
const outText = new TextDecoder().decode(result.stdout)
console.log(outText)

(Update): Aha, I see. Some of the built-in commands like pwd will need to know CWD to be able to operate correctly w/o calling a command. (At least, with the current implementation.)

Context: I'd avoided using Dax for a while because my very first experience with it was it asking for permissions to environment variables and reading/writing local directories, and network access, which seemed strange. (yes, even in the face of giving it --allow-run. Or maybe in especially for that reason.)

Months later, I was quickly making a script and forgot about my issues. This time I just threw on an -A because I was in a hurry, and I very much like the simplicity of Dax's interface. ❤️ And I am a fan of replacing Bash with Deno

I'd love to use Dax while granting it fewer permissions!

from dax.

@dsherret I'm not sure if my PR link 2 days ago sent a notification to this issue, so just in case it didn't, see the above. 😊

I created a simple benchmark to test the "before" performance. Then I converted to use the --sync option, and found out that it's actually slightly faster. So if you were sticking to the other loading method for speed, there's no need AFAICT.

from dax.

Thanks, @NfNitLoop! That was a big improvement.

And I am a fan of replacing Bash with Deno

I agree. I'm actually probably doing a lightning talk on this subject next month at a conference.

from dax.