
Illegal trust flow when spawning on remote node results in JavaScript runtime error

Open mkarup opened this issue 9 months ago • 0 comments

Remotely spawning a process on an untrusted node when in a sensitive context causes a JavaScript runtime error.

Small example

Code for node1:

let fun foo () = receive [ hn x => x ]
    val pid =
        if true raisedTo `{secret}` then
          spawn ("node2", fn () => foo ()) (* node1 only trusts node2 up to {} *)
        else
          spawn ("node2", fn () => foo ())
in
  receive [ hn x => x ]
end

Code for node2:

0

With appropriate id + alias file, first start node2, then node1. node1 fails with the following (some output omitted):

2025-02-03T11:34:34.063Z [p2p] error: Unhandled general error case Error
2025-02-03T11:34:34.063Z [p2p] error: Unhandled general error case Error
file:///home/troupe-project/troupe-dev/rt/built/p2p/p2p.mjs:899
            throw err;
            ^

StrThreadError
    at Thread.threadError (file:///home/troupe-project/troupe-dev/rt/built/Thread.mjs:571:23)
    at threadError (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:221:17)
    at RuntimeObject.spawnAtNode (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:49:9)
    at file:///home/troupe-project/troupe-dev/rt/built/builtins/spawn.mjs:32:47
    at file:///home/troupe-project/troupe-dev/rt/built/builtins/spawn.mjs:32:75
    at closure (file:///home/troupe-project/troupe-dev/rt/built/BaseFunction.mjs:6:16)
    at Scheduler.loop (file:///home/troupe-project/troupe-dev/rt/built/Scheduler.mjs:216:28)
    at start (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:394:13) {
  thread: <ref *2> Thread {
      ...
  },
  errstr: 'Illegal trust flow when spawning on a remote node\n' +
    ' | the trust level of the recepient node: {}\n' +
    ' | the level of the information in spawn: {secret}'
}

mkarup, Feb 03 '25 12:02
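
The flow check named in the error string above, as an added sketch that is not part of the original issue and is not Troupe runtime code. Assumptions: a level is a set of tags ordered by subset, and the trust table, `checkRemoteSpawn` and `runThread` are hypothetical names; ending only the offending thread is one possible way to handle the violation.

```javascript
// Added sketch, not Troupe runtime code. Assumption: a level is a set of tags
// and information may flow from a to b only when a is a subset of b.
const level = (...tags) => new Set(tags);
const flowsTo = (a, b) => [...a].every((t) => b.has(t));
const join = (a, b) => new Set([...a, ...b]);
const show = (l) => `{${[...l].sort().join(",")}}`;

// Hypothetical trust table (constructed): node2 is trusted up to {}, node3 up to {secret}.
const nodeTrust = new Map([
  ["node2", level()],
  ["node3", level("secret")],
]);

class TrustFlowError extends Error {}

// Check a remote spawn before anything is serialized or sent.
// pc is the level of the context deciding to spawn; argLevel is the closure's level.
function checkRemoteSpawn(node, pc, argLevel) {
  const trust = nodeTrust.get(node) ?? level(); // unknown nodes get the bottom level
  const info = join(pc, argLevel);
  if (!flowsTo(info, trust)) {
    throw new TrustFlowError(
      "Illegal trust flow when spawning on a remote node\n" +
      ` | the trust level of the recipient node: ${show(trust)}\n` +
      ` | the level of the information in spawn: ${show(info)}`
    );
  }
  return { node, info };
}

// Run one thread body; a trust violation ends that thread only and is reported as data.
function runThread(name, body) {
  try {
    return { name, status: "ok", value: body() };
  } catch (err) {
    if (!(err instanceof TrustFlowError)) throw err; // unrelated bugs still surface
    return { name, status: "killed", reason: err.message };
  }
}

const results = [
  runThread("secret-branch", () => checkRemoteSpawn("node2", level("secret"), level())),
  runThread("public-branch", () => checkRemoteSpawn("node2", level(), level())),
  runThread("trusted-node", () => checkRemoteSpawn("node3", level("secret"), level())),
];
for (const r of results) console.log(r.name, r.status, r.reason ?? "");
```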