lib: add security warning on io full access

doc/api/permissions.md

@@ -584,6 +584,14 @@ There are constraints you need to know before using this system:
 * Using existing file descriptors via the `node:fs` module bypasses the
   Permission Model.
 
+#### Allowing all write operations
+
+When `--allow-fs-write=*` is permitted, it may inadvertently lead to invalidating
+the permission model because of unintended file access
+to files that have side effects when written to, like
+service configuration files or internal file interfaces like
+linux's `/proc`.
+
 #### Limitations and Known Issues
 
 * Symbolic links will be followed even to locations outside of the set of paths

lib/internal/process/pre_execution.js

@@ -44,6 +44,8 @@ const {
   },
 } = require('internal/v8/startup_snapshot');
 
+const isWindows = process.platform === 'win32';
+
 function prepareMainThreadExecution(expandArgv1 = false, initializeModules = true) {
   return prepareExecution({
     expandArgv1,
@@ -554,6 +556,22 @@ function initializePermission() {
         'It could invalidate the permission model.', 'SecurityWarning');
       }
     }
+    const fsReadValue = getOptionValue('--allow-fs-read');
+    if (fsReadValue.length === 1 && (fsReadValue[0] === '*' || (!isWindows && fsReadValue[0] === '/'))) {
+      process.emitWarning(
+        'Granting all to --allow-fs-read leaks all sensitive info on the host machine.',
+        'SecurityWarning'
+      );
+    }
+    const fsWriteValue = getOptionValue('--allow-fs-write');
+    if (fsWriteValue.length === 1 && (fsWriteValue[0] === '*' || (!isWindows && fsWriteValue[0] === '/'))) {
+      process.emitWarning(
+        'Granting all to --allow-fs-write will invalidate the permission model. ' +
+      'Documentation can be found at ' +
+      'https://nodejs.org/api/permissions.html#allowing-all-write-operations',
+        'SecurityWarning'
+      );
+    }
     const warnCommaFlags = [
       '--allow-fs-read',
       '--allow-fs-write',