From ea5c6bc1de057b7351b13e8df8fd6e2699286f89 Mon Sep 17 00:00:00 2001 From: cybe4sent1nel Date: Thu, 9 Apr 2026 18:06:37 +0530 Subject: [PATCH 1/3] doc: clarify process._debugProcess() in Permission Model --- doc/api/permissions.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index d36590ec3ae9cd..e064a1bede8750 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md 
@@ -244,6 +244,30 @@ There are constraints you need to know before using this system: * Using existing file descriptors via the `node:fs` module bypasses the Permission Model. +#### process.\_debugProcess() and cross-process Inspector activation + +The kInspector permission scope restricts the current process from opening its own V8 Inspector. However, +process.\_debugProcess(pid) — which sends an OS-level signal (SIGUSR1 on POSIX, a remote thread on Windows) +to an external process — is not gated by the kInspector scope or any other Permission Model scope. + +A sandboxed process running under --permission with no additional grants can call process.\_debugProcess(pid) +to force another Node.js process to open its V8 Inspector. The target process does not need to be running +under --permission for this to work — any Node.js process running on the same host under the same OS user +can be signaled. + +This is consistent with the Node.js threat model: Node.js trusts the OS environment in which it runs. +Cross-process signaling is an operating-system-level capability; restricting it is the responsibility of +the operator (for example, using OS-level process isolation, separate OS users per process, or +seccomp/AppArmor profiles on Linux). + +Developers relying on --permission to sandbox untrusted code should be aware that: + +* process.\_debugProcess() is callable from any sandboxed process with no grants. +* If a target Node.js process is running on the same host under the same OS user, it can be forced to + open its Inspector via this API. +* To prevent this, run sandboxed and target processes under different OS users, or use OS-level isolation + mechanisms outside of Node.js. + #### Limitations and Known Issues * Symbolic links will be followed even to locations outside of the set of paths From 28926b1c526c44745a65240318511fee37df3e0e Mon Sep 17 00:00:00 2001 
From: Fahad Khan Date: Thu, 9 Apr 2026 18:22:39 +0530 Subject: [PATCH 2/3] Update doc/api/permissions.md Co-authored-by: Luigi Pinca --- doc/api/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index e064a1bede8750..10039be2221394 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -246,7 +246,7 @@ There are constraints you need to know before using this system: #### process.\_debugProcess() and cross-process Inspector activation -The kInspector permission scope restricts the current process from opening its own V8 Inspector. However, +The `kInspector` permission scope restricts the current process from opening its own V8 Inspector. However, process.\_debugProcess(pid) — which sends an OS-level signal (SIGUSR1 on POSIX, a remote thread on Windows) to an external process — is not gated by the kInspector scope or any other Permission Model scope. From 3d2c97cc67a0b8716a6fe73a6839918940fa6145 Mon Sep 17 00:00:00 2001 From: Fahad Khan Date: Thu, 9 Apr 2026 18:23:05 +0530 Subject: [PATCH 3/3] Update doc/api/permissions.md Co-authored-by: Luigi Pinca --- doc/api/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index 10039be2221394..61fe9554ea14d2 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md 
@@ -248,7 +248,7 @@ There are constraints you need to know before using this system: The `kInspector` permission scope restricts the current process from opening its own V8 Inspector. However, process.\_debugProcess(pid) — which sends an OS-level signal (SIGUSR1 on POSIX, a remote thread on Windows) -to an external process — is not gated by the kInspector scope or any other Permission Model scope. +to an external process — is not gated by the `kInspector` scope or any other Permission Model scope. A sandboxed process running under --permission with no additional grants can call process.\_debugProcess(pid) to force another Node.js process to open its V8 Inspector. The target process does not need to be running
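Review bot: In the PATCH 1/3 hunk, the new "#### process.\_debugProcess() and cross-process Inspector activation" section is placed directly before "#### Limitations and Known Issues", but what it documents is itself a known limitation of the Permission Model. Consider making it one bullet in that list, next to the symbolic-link item. If the separate section stays, drop the closing "Developers relying on --permission ... should be aware that:" list, because its first two bullets repeat the second paragraph and its third repeats the operator guidance in the paragraph on the threat model. Stating the mitigation once (separate OS users, OS-level isolation) keeps the section short enough that readers will reach it.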
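Review bot: In the PATCH 2/3 hunk, code formatting is applied only to `kInspector` in the first sentence, while the unchanged lines right below it still show process.\_debugProcess(pid) and SIGUSR1 as plain text, and PATCH 1/3 also leaves --permission bare in the later paragraphs and bullets. Wrapping every API name, flag and signal name in code spans would make the section consistent and would remove the need for the `\_` escape, including in the heading. Doing that in one pass also avoids a separate fixup commit per identifier.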
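Review bot: In the PATCH 3/3 hunk, the sentence being edited says the API "sends an OS-level signal (SIGUSR1 on POSIX, a remote thread on Windows)", but a remote thread is not a signal, so the parenthetical contradicts the noun it explains. Wording such as "uses an OS-level mechanism (SIGUSR1 on POSIX, a remote thread on Windows)" keeps the claim accurate on both platforms. Separately, this patch and PATCH 2/3 are one-line fixups with the subject "Update doc/api/permissions.md", unlike the "doc: clarify ..." subject of PATCH 1/3; squashing all three into the first commit would keep the history to one descriptive entry.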