From 481f697923d8c0535970b425d63360b67552435a Mon Sep 17 00:00:00 2001 From: cybe4sent1nel Date: Wed, 1 Apr 2026 19:55:13 +0530 Subject: [PATCH 1/3] doc: clarify process._debugProcess() is not gated by kInspector --- doc/api/permissions.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index d36590ec3ae9cd..155895e7f90c01 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md 
@@ -244,6 +244,35 @@ There are constraints you need to know before using this system: * Using existing file descriptors via the `node:fs` module bypasses the Permission Model. +#### `process._debugProcess()` and cross-process Inspector activation + +The `kInspector` permission scope restricts the current process from +opening its own V8 Inspector. However, `process._debugProcess(pid)` — +which sends an OS-level signal (SIGUSR1 on POSIX, a remote thread on +Windows) to an external process — is **not** gated by the `kInspector` +scope or any other Permission Model scope. + +A sandboxed process running under `--permission` with no additional +grants can call `process._debugProcess(pid)` to force another Node.js +process to open its V8 Inspector, regardless of whether that target +process has any permission restrictions. + +This is consistent with the Node.js threat model: Node.js trusts the +OS environment in which it runs. Cross-process signaling is an +operating-system-level capability; restricting it is the responsibility +of the **operator** (for example, using OS-level process isolation, +separate OS users per process, or seccomp/AppArmor profiles on Linux). + +Developers relying on `--permission` to sandbox untrusted code should +be aware that: + +* `process._debugProcess()` is callable from any sandboxed process + with no grants. +* If a target Node.js process is running on the same host under the + same OS user, it can be forced to open its Inspector via this API. +* To prevent this, run sandboxed and target processes under different + OS users, or use OS-level isolation mechanisms outside of Node.js. + #### Limitations and Known Issues * Symbolic links will be followed even to locations outside of the set of paths From f5b036c1b45ec7a958d9b362680230db38007513 Mon Sep 17 00:00:00 2001 
From: Fahad Khan Date: Wed, 1 Apr 2026 20:05:23 +0530 Subject: [PATCH 2/3] Update doc/api/permissions.md Co-authored-by: Rafael Gonzaga --- doc/api/permissions.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index 155895e7f90c01..29099a12dbd78e 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -254,7 +254,8 @@ scope or any other Permission Model scope. A sandboxed process running under `--permission` with no additional grants can call `process._debugProcess(pid)` to force another Node.js -process to open its V8 Inspector, regardless of whether that target +process to open its V8 Inspector (if the process was initialized without `--permission`) +regardless of whether that target process has any permission restrictions. This is consistent with the Node.js threat model: Node.js trusts the From 7700deb7e1f037295f425489ef003648ed33285c Mon Sep 17 00:00:00 2001 From: Fahad Khan Date: Thu, 2 Apr 2026 05:41:26 +0530 Subject: [PATCH 3/3] Update permissions.md for V8 Inspector access Clarified that a target process does not need to run under `--permission` to open its V8 Inspector. --- doc/api/permissions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index 29099a12dbd78e..1a187896db812f 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md 
@@ -254,9 +254,9 @@ scope or any other Permission Model scope. A sandboxed process running under `--permission` with no additional grants can call `process._debugProcess(pid)` to force another Node.js -process to open its V8 Inspector (if the process was initialized without `--permission`) -regardless of whether that target -process has any permission restrictions. +process to open its V8 Inspector. The target process does not need to be +running under `--permission` for this to work — any Node.js process +running on the same host under the same OS user can be signaled. This is consistent with the Node.js threat model: Node.js trusts the OS environment in which it runs. Cross-process signaling is an
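Review bot: In the second paragraph of the new section (patch 1/3), "regardless of whether that target process has any permission restrictions" asserts that a target started with `--permission` will also open its Inspector when signaled, which nothing in the hunk supports and which patches 2/3 and 3/3 of this series then revise; state plainly whether a `--permission` target honours the signal, and keep the answer consistent with the second bullet at the end of the section, which repeats the same unqualified claim ("it can be forced to open its Inspector via this API"). Two smaller points: `process._debugProcess()` is an underscore-prefixed API that this section neither links nor describes, so say whether it is a supported public API or an internal one; and the opening sentence correctly distinguishes "SIGUSR1 on POSIX, a remote thread on Windows", but the bullets speak only of "signaling" and "separate OS users", so note that the Windows mechanism and its mitigations differ.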
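Review bot: The replacement line in patch 2/3, "process to open its V8 Inspector (if the process was initialized without `--permission`) regardless of whether that target process has any permission restrictions", contradicts itself: the parenthetical makes the behaviour conditional on the target not running under `--permission`, while the clause that follows says it works regardless of the target's permission restrictions. Keep one of the two, for example "process to open its V8 Inspector, provided the target was started without `--permission`." The new line also runs well past the column width of the surrounding prose; rewrap it to match.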
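Review bot: The new sentence in patch 3/3, "any Node.js process running on the same host under the same OS user can be signaled", says the signal can be delivered but not what happens when the target was itself started with `--permission`, which is exactly the qualifier patch 2/3 added and this patch removes; state explicitly whether such a target opens its Inspector, since that is the one case a reader of the Permission Model documentation needs answered. "Signaled" and "same OS user" also describe only the POSIX path: the section's own first paragraph says Windows uses a remote thread, so either phrase this generically ("can be targeted") or mention the Windows case alongside it.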