[flutter/dart] Is it possible to ask for permission for dangerous operations for Flutter contributors

[hellohuanlin]

Use case

Background: #186412

It is scary that a random Flutter script can nuke folders like ~/Desktop. The damage is real - in my case, I lost my repos (with a few local branches that I didn't push), but it could have been worse for other contributors.

Proposal

I wonder if it is possible to limit what flutter/dart can do, and explicitly ask for permission for dangerous operations like this. As a flutter contributor, I'd appreciate this kind of protection.

[jtmcdole]

#186412 is not a tool issue, its a script issue in flutter/dev/devicelab/bin/tasks/module_uiscene_test_ios.dart

I think it should just create a new, temporary folder in the target folder, and clean that up.

[hellohuanlin]

#186412 is not a tool issue, its a script issue in flutter/dev/devicelab/bin/tasks/module_uiscene_test_ios.dart

I think it should just create a new, temporary folder in the target folder, and clean that up.

While this is definitely a script issue, I think it also highlights a broader security risk. Adding an extra layer of safety within flutter/dart tooling itself would protect users and CI systems from similar, potentially catastrophic file-system accidents caused by other scripts down the road.

[saurabh-mirajkar]

@hellohuanlin Thanks for the proposal. Routing to team-tool to investigate further.

[bkonyi]

In theory, this is something that we can try and do. We can setup IOOverrides for the test environment and ensure that all file system operations occur under $TMP. I'm not sure if that would have any unintended consequences or not.

The only way to be completely safe would be to run everything in a proper sandbox.