Electron fuse support for disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.) #2

Open
phamminhvu opened this issue Apr 9, 2021 · 2 comments


@phamminhvu

Hi Team,

We are working on a project based on Electron to build an application for Windows.
I see that in Electron version 12.x.x we merged fuses to support the option "Run as Node", but I see in the ticket here:
electron/electron#24241

This PR implements one use case (disabling ELECTRON_RUN_AS_NODE), other potential use cases which could be implemented in the future using this system.

  • Disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.)
  • Disabling the node debugger
  • Disable the app, app.asar, default_app.asar load path search and enforce only one of those is ever searched
  • Enforce certain webPrefs (E.g. all webContents must have sandbox, contextIsolation, etc.)
  • Other wild stuff that depends on other crazy ideas

Could we have the planning for support of the next options (e.g. disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.))? In which Electron version can we support this option?

Thank you very much for support!
Jason

@antelle

antelle commented Apr 9, 2021

Since there's a ticket about removing these flags, I'll add a couple more options that I'd like to be able to disable:

Actually, I made a package that disables all of them by patching the Electron binary in different crazy ways (it's using the "fuses" feature for ELECTRON_RUN_AS_NODE, it would not be possible to disable this thing without it), however I don't like this solution, it's fragile and it's very likely to break. I would love to see support for this in Electron fuses!

Also see a discussion in the ticket I opened previously: electron/electron#24260, it's unlikely to be fixed in Electron, but then, on the other hand, I'm curious why a switch for ELECTRON_RUN_AS_NODE was implemented 🤔. In any case, I don't see any harm in adding feature toggles (fuses) for the debugging features.

// You should probably open this issue in Electron and not here, but I don't know.

@MarshallOfSound
Member

NodeJS debugging flags can now be disabled by fuses (see the README for the flags to use). Chromium debugging flags are a different beast that will have to be potentially dealt with separately (if it's even possible).
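
An added example, not part of the thread and not code from the Electron project: a read-only audit that reports which of the Node-related fuses discussed above are still enabled in a packaged binary. It assumes the version 1 fuse wire layout used by `@electron/fuses` (sentinel string, version byte, length byte, then one byte per fuse); `readFuses`, `audit` and `sampleBinary` are hypothetical names, and the sample input is constructed. Chromium switches such as `--remote-debugging-port` are not represented in the wire, so this check says nothing about them.

```javascript
// Sentinel that precedes the fuse wire inside an Electron binary.
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'latin1');
// First four positions of the v1 wire, in order.
const FUSES = ['RunAsNode', 'EnableCookieEncryption',
  'EnableNodeOptionsEnvironmentVariable', 'EnableNodeCliInspectArguments'];
// Each fuse is one ASCII byte: '0' disabled, '1' enabled, 'r' removed.
const STATES = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed' };
// Fuses a hardened build is expected to have switched off.
const MUST_BE_OFF = ['RunAsNode', 'EnableNodeOptionsEnvironmentVariable',
  'EnableNodeCliInspectArguments'];

// Parse every fuse wire in the buffer (a fat binary can carry more than one).
function readFuses(binary) {
  const wires = [];
  for (let at = binary.indexOf(SENTINEL); at !== -1;
       at = binary.indexOf(SENTINEL, at + 1)) {
    const p = at + SENTINEL.length;
    if (p + 2 > binary.length) throw new Error('truncated fuse wire header');
    const version = binary[p];
    const length = binary[p + 1];
    if (version !== 1) throw new Error(`unsupported fuse wire version ${version}`);
    if (p + 2 + length > binary.length) throw new Error('truncated fuse wire');
    const wire = {};
    FUSES.forEach((name, i) => {
      wire[name] = i < length ? (STATES[binary[p + 2 + i]] || 'unknown') : 'absent';
    });
    wires.push(wire);
  }
  if (wires.length === 0) throw new Error('no fuse sentinel found');
  return wires;
}

// Return the names of fuses that should be off but are not, across all wires.
function audit(binary) {
  const findings = new Set();
  for (const wire of readFuses(binary)) {
    for (const name of MUST_BE_OFF) {
      if (wire[name] !== 'disabled' && wire[name] !== 'removed') findings.add(name);
    }
  }
  return [...findings];
}

// Constructed sample: filler bytes around a sentinel, header and fuse bytes.
function sampleBinary(wireChars) {
  return Buffer.concat([Buffer.from('filler'), SENTINEL,
    Buffer.from([1, wireChars.length]), Buffer.from(wireChars, 'latin1'),
    Buffer.from('filler')]);
}
```

To audit a real build, pass the contents of the packaged Electron executable (for example from `fs.readFileSync`) to `audit` and fail the release job when the returned list is not empty.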
