From e15d22c024aa09a6235be70f9b96b996d5a637f7 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Tue, 12 Apr 2022 12:03:01 -0400 Subject: [PATCH] doc: initial version of security-model-strategy.md Added initial strategy based on discussion in the next-10 mini-summit - https://github.com/nodejs/next-10/blob/main/meetings/summit-apr-2022.md Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/42709 Reviewed-By: Matteo Collina Reviewed-By: Gireesh Punathil Reviewed-By: Darshan Sen Reviewed-By: Akhil Marsonya Reviewed-By: Rafael Gonzaga Reviewed-By: Bryan English --- doc/contributing/security-model-strategy.md | 77 +++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 doc/contributing/security-model-strategy.md diff --git a/doc/contributing/security-model-strategy.md b/doc/contributing/security-model-strategy.md new file mode 100644 index 00000000000000..311487bd7b18a2 --- /dev/null +++ b/doc/contributing/security-model-strategy.md @@ -0,0 +1,77 @@ +# Security Model Strategy + +A clear security model, with features like permissions and policy enforcement, +is a +[top technical priority](https://github.com/nodejs/node/blob/master/doc/contributing/technical-priorities.md#permissionspoliciessecurity-model) +of Node.js. + +## High-level approach + +* Document the security model +* Document threat models and current state of the art +* Support experimentation on features like permissions and policies +* Add a security component in Node.js certification covering + the Node.js security model + +### Document the security model + +The current security model for Node.js is not yet well documented. +At a high level it is: + +* Node.js does not provide a sandbox, both the JavaScript and + native code which is run is trusted to not be malicious. +* The project works to help code running on top of Node.js to avoid + making mistakes, but not doing so is not considered a + vulnerability in Node.js. Just because you can build something + vulnerable with the APIs does not mean there is a vulnerability + in Node.js itself. + +The project has a goal to better document the security model +and this section will be expanded when that happens. + +Once the security model is documented the project will work +to add a security component in Node.js certification covering +the Node.js security model. + +### Document threat models and current state of the art + +Node.js is used in several different use cases and the +threats may be different in each use case. The project +should document the threat models and use that to +help define the security model in the context of each +of these use cases. + +This section will be expanded as the use case/threat +models are defined. The initial list includes: + +* Server +* Desktop application +* Cli +* Single executable application +* CI/CD pipeline components + +### Support experimentation on features like permissions and policies + +The project is not currently planning to provide supported +sandbox functionality, but wants to support experimentation on +related features like policies and permission enforcement. + +Features in this category should: + +* be opt-in, and additional overhead when not enabled must be low +* limit change in core to just what is needed to enable experimentation + +## Current implementation and assets + +Node.js has an experimental implementation of +[policies](https://nodejs.org/docs/latest/api/policy.html#policies). + +The core implementation is in: + +* [`lib/internal/process/policy.js`](https://github.com/nodejs/node/blob/HEAD/lib/internal/process/policy.js) +* [`lib/internal/policy`](https://github.com/nodejs/node/blob/HEAD/lib/internal/policy) + +along with integration into the CJS and ESM loaders in: + +* [`lib/internal/modules/esm`](https://github.com/nodejs/node/blob/HEAD/lib/internal/modules/esm) +* [`lib/internal/modules/cjs`](https://github.com/nodejs/node/blob/HEAD/lib/internal/modules/cjs)