Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: disable io_uring support in libuv by default
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This potentially allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). Similar concerns apply to other functions that modify the process's user identity. This commit changes libuv's io_uring behavior from opt-out (through UV_USE_IO_URING=0) to opt-in (through UV_USE_IO_URING=1) until we figure out a better long-term solution. PR-URL: nodejs-private/node-private#528 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> CVE-ID: CVE-2024-22017
- Loading branch information
This doesn't document what
value
is?