fuses icon indicating copy to clipboard operation
fuses copied to clipboard

Published 20 hours ago verified publisher icon electron

Electron fuse support for disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.)

Open phamminhvu opened this issue 4 years ago • 2 comments

Hi Team,

We are working on an project as base. on the electron to build the application for Windows. I see the in the electron version 12.x.x we merged fuses to support the option "Run as Node" but I see in the ticket here: https://github.com/electron/electron/pull/24241

This PR implements one use case (disabling ELECTRON_RUN_AS_NODE), other potential use cases which could be implemented in the future using this system.

  • Disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.)
  • Disabling the node debugger
  • Disable the app, app.asar, default_app.asar load path search and enforce only one of those is ever searched
  • Enforce certain webPrefs (E.g. all webContents must have sandbox, contextIsolation, etc.)
  • Other wild stuff that depends on other crazy ideas

Could we have the planing for next options support( f.e: - Disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.). What electron version We can support this option?

Thank you very much for support! Jason

phamminhvu avatar Apr 09 '21 06:04 phamminhvu

Since there's a ticket about removing these flags, I'll add a couple more options that I'd like to be able to disable:

Actually, I made a package that disables all of them by patching the Electron binary in different crazy ways (it's using the "fuses" feature for ELECTRON_RUN_AS_NODE, it would not be possible to disable this thing without it), however I don't like this solution, it's fragile and it's very likely to break. I would love to see support for this in Electron fuses!

Also see a discussion in the ticket I opened previously: https://github.com/electron/electron/issues/24260, it's unlikely to be fixed in Electron, but then, on the other hand, I'm curious why a switch for ELECTRON_RUN_AS_NODE was implemented 🤔. In any case, I don't see any harm in adding feature toggles (fuses) for the debugging features.

// You should probably open this issue in Electron and not here, but I don't know.

antelle avatar Apr 09 '21 18:04 antelle

NodeJS debugging flags can now be disabled by fuses (see the README for the flags to use). Chromium debugging flags are a different beast that will have to be potentially dealt with separately (if it's even possible).

MarshallOfSound avatar Aug 25 '21 19:08 MarshallOfSound