Open
Description
Remotely spawning a process on an untrusted node when in a sensitive context causes a JavaScript runtime error.
Small example
Code for `node1`:
```
let fun foo () = receive [ hn x => x ]
    val pid =
      if true raisedTo `{secret}` then
        spawn ("node2", fn () => foo ()) (* node1 only trusts node2 up to {} *)
      else
        spawn ("node2", fn () => foo ())
in
  receive [ hn x => x ]
end
```
Code for `node2`:
```
0
```
With appropriate id + alias file, first start `node2`, then `node1`.
`node1` fails with the following (some output omitted):
```
2025-02-03T11:34:34.063Z [p2p] error: Unhandled general error case Error
2025-02-03T11:34:34.063Z [p2p] error: Unhandled general error case Error
file:///home/troupe-project/troupe-dev/rt/built/p2p/p2p.mjs:899
        throw err;
        ^
StrThreadError
    at Thread.threadError (file:///home/troupe-project/troupe-dev/rt/built/Thread.mjs:571:23)
    at threadError (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:221:17)
    at RuntimeObject.spawnAtNode (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:49:9)
    at file:///home/troupe-project/troupe-dev/rt/built/builtins/spawn.mjs:32:47
    at file:///home/troupe-project/troupe-dev/rt/built/builtins/spawn.mjs:32:75
    at closure (file:///home/troupe-project/troupe-dev/rt/built/BaseFunction.mjs:6:16)
    at Scheduler.loop (file:///home/troupe-project/troupe-dev/rt/built/Scheduler.mjs:216:28)
    at start (file:///home/troupe-project/troupe-dev/rt/built/runtimeMonitored.mjs:394:13) {
  thread: <ref *2> Thread {
    ...
  },
  errstr: 'Illegal trust flow when spawning on a remote node\n' +
    ' | the trust level of the recepient node: {}\n' +
    ' | the level of the information in spawn: {secret}'
}
```
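A small model of the trust-flow check named in `errstr`, as an added example that is not part of the issue and not Troupe's runtime code. It assumes levels are sets of tags ordered by inclusion and that the level of a spawn is the join of the pc and the spawned closure's level; `flowsTo`, `checkRemoteSpawn` and `trustMap` are hypothetical names.

```javascript
// Added example: a model of the trust-flow check, not Troupe's runtime code.
// Assumption: a level is a set of tags, and l1 may flow to l2 iff l1 is a subset of l2.
const level = (...tags) => new Set(tags);
const show = (l) => `{${[...l].sort().join(",")}}`;
const flowsTo = (l1, l2) => [...l1].every((t) => l2.has(t));
const join = (l1, l2) => new Set([...l1, ...l2]);

// Constructed trust map for node1: how far each remote node is trusted.
// Nodes that are not listed get the empty level (public data only).
const trustMap = new Map([["node2", level()]]);
const trustOf = (node) => trustMap.get(node) ?? level();

// Decide whether a remote spawn may leave this node.
// Assumption: the information in a spawn is the join of the pc (the level
// of the control-flow context) and the level of the spawned closure.
// The result is returned rather than thrown, so the caller can report a
// rejection to the offending thread instead of letting an exception
// escape through the networking layer.
function checkRemoteSpawn(node, pc, closureLevel) {
  const info = join(pc, closureLevel);
  const trust = trustOf(node);
  if (flowsTo(info, trust)) return { ok: true };
  return {
    ok: false,
    reason: `spawn at ${show(info)} may not flow to ${node}, trusted up to ${show(trust)}`,
  };
}

// Branching on a condition raised to {secret} raises the pc to {secret},
// so a spawn inside either branch is checked at {secret}.
const insideBranch = checkRemoteSpawn("node2", level("secret"), level());
// The same spawn issued outside the branch is checked at pc {}.
const outsideBranch = checkRemoteSpawn("node2", level(), level());

console.log(insideBranch);
console.log(outsideBranch);
```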