diff --git a/benchmark/fs/readfile-permission-enabled.js b/benchmark/fs/readfile-permission-enabled.js
index 3053d5aa08f055..08ac831cd73d1b 100644
--- a/benchmark/fs/readfile-permission-enabled.js
+++ b/benchmark/fs/readfile-permission-enabled.js
@@ -19,7 +19,12 @@ const bench = common.createBenchmark(main, {
   len: [1024, 16 * 1024 * 1024],
   concurrent: [1, 10],
 }, {
-  flags: ['--experimental-permission', '--allow-fs-read=*', '--allow-fs-write=*'],
+  flags: [
+    '--experimental-permission',
+    '--allow-fs-read=*',
+    '--allow-fs-write=*',
+    '--allow-child-process',
+  ],
 });
 
 function main({ len, duration, concurrent, encoding }) {
diff --git a/src/spawn_sync.cc b/src/spawn_sync.cc
index ae4a85a42d6166..b3c0fabafdaad2 100644
--- a/src/spawn_sync.cc
+++ b/src/spawn_sync.cc
@@ -369,6 +369,8 @@ void SyncProcessRunner::Initialize(Local<Object> target,
 
 void SyncProcessRunner::Spawn(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  THROW_IF_INSUFFICIENT_PERMISSIONS(
+      env, permission::PermissionScope::kChildProcess, "");
   env->PrintSyncTrace();
   SyncProcessRunner p(env);
   Local<Value> result;
diff --git a/test/parallel/test-permission-deny-child-process-cli.js b/test/parallel/test-permission-deny-child-process-cli.js
index 7f15cacd0d2a3a..3ce473ab498e0e 100644
--- a/test/parallel/test-permission-deny-child-process-cli.js
+++ b/test/parallel/test-permission-deny-child-process-cli.js
@@ -24,12 +24,24 @@ if (process.argv[2] === 'child') {
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.spawnSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
   assert.throws(() => {
     childProcess.exec(process.execPath, ['--version']);
   }, common.expectsError({
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.execSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
   assert.throws(() => {
     childProcess.fork(__filename, ['child']);
   }, common.expectsError({
@@ -42,4 +54,10 @@ if (process.argv[2] === 'child') {
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.execFileSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
 }
diff --git a/test/parallel/test-permission-deny-child-process.js b/test/parallel/test-permission-deny-child-process.js
index 36c0e9da86fc1f..7dbd9beb089e2b 100644
--- a/test/parallel/test-permission-deny-child-process.js
+++ b/test/parallel/test-permission-deny-child-process.js
@@ -31,12 +31,24 @@ if (process.argv[2] === 'child') {
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.spawnSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
   assert.throws(() => {
     childProcess.exec(process.execPath, ['--version']);
   }, common.expectsError({
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.execSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
   assert.throws(() => {
     childProcess.fork(__filename, ['child']);
   }, common.expectsError({
@@ -49,4 +61,10 @@ if (process.argv[2] === 'child') {
     code: 'ERR_ACCESS_DENIED',
     permission: 'ChildProcess',
   }));
+  assert.throws(() => {
+    childProcess.execFileSync(process.execPath, ['--version']);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'ChildProcess',
+  }));
 }
diff --git a/test/parallel/test-permission-deny-fs-symlink-target-write.js b/test/parallel/test-permission-deny-fs-symlink-target-write.js
index 931dccddba157a..8735cdc1c33209 100644
--- a/test/parallel/test-permission-deny-fs-symlink-target-write.js
+++ b/test/parallel/test-permission-deny-fs-symlink-target-write.js
@@ -1,4 +1,4 @@
-// Flags: --experimental-permission --allow-fs-read=* --allow-fs-write=*
+// Flags: --experimental-permission --allow-fs-read=* --allow-fs-write=* --allow-child-process
 'use strict';
 
 const common = require('../common');
diff --git a/test/parallel/test-permission-deny-fs-symlink.js b/test/parallel/test-permission-deny-fs-symlink.js
index c093800519406e..3e2f15507c692f 100644
--- a/test/parallel/test-permission-deny-fs-symlink.js
+++ b/test/parallel/test-permission-deny-fs-symlink.js
@@ -1,4 +1,4 @@
-// Flags: --experimental-permission --allow-fs-read=* --allow-fs-write=*
+// Flags: --experimental-permission --allow-fs-read=* --allow-fs-write=* --allow-child-process
 'use strict';
 
 const common = require('../common');
diff --git a/test/parallel/test-permission-fs-relative-path.js b/test/parallel/test-permission-fs-relative-path.js
index 73f0635d986585..b5938796ef0be0 100644
--- a/test/parallel/test-permission-fs-relative-path.js
+++ b/test/parallel/test-permission-fs-relative-path.js
@@ -1,4 +1,4 @@
-// Flags: --experimental-permission --allow-fs-read=*
+// Flags: --experimental-permission --allow-fs-read=* --allow-child-process
 'use strict';
 
 const common = require('../common');