Explore node permissions in worker runtime

[josephjclark]

node 24 introduced a new permissions model (inspired by deno?)

You can do things like limit what env vars are available to the process or block access to the file system. Both of these things could be important security updates to the worker.

https://nodejs.org/api/permissions.html

[josephjclark]

Oh actually it looks like file system permission is restricted by default? https://nodejs.org/api/permissions.html#file-system-permissions

We also block the FS through the sandbox so I don't know how valuable this is. I suppose what we want to watch for is malicious job code spinning up new processes on our server. Those new processes would be outside the permissions model

[josephjclark]

Permissions are not inherited by worker threads