Right, that's why native add-ons and subprocess creation are disabled -- allowing them means you lose all control. It would be possible to allow a "blessed" set of addons in a number of ways:

1. Building them into the node.js executable.
2. Creating a directory that JavaScript doesn't have write access to, and allowing add-ons to be loaded only from there.
3. Specifying via a command line flag which add-ons are allowed (and somehow preventing spoofing).

But I haven't gone beyond thinking about this.
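
An added example, not part of the original comment and not Node.js's own code: one way options 2 and 3 could be combined so that a path or symlink cannot stand in for a blessed add-on. `checkAddon`, the digest allow-list and the reason strings are hypothetical, and the blessed directory is assumed to be made read-only for the process by the operating system.

```javascript
// Added illustration: a hypothetical gate for loading native add-ons.
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// blessedDir: assumed read-only for this process (enforced by the OS, not here).
// allowedDigests: Set of SHA-256 hex digests, standing in for a command-line allow-list.
function checkAddon(requestedPath, blessedDir, allowedDigests) {
  try {
    // Resolve symlinks and ".." first, so a link placed inside the directory
    // is judged by where it really points.
    const realDir = fs.realpathSync(blessedDir);
    const realFile = fs.realpathSync(requestedPath);
    const rel = path.relative(realDir, realFile);
    if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
      return { allowed: false, reason: 'outside-blessed-dir' };
    }
    // Pin content as well as location: an unlisted file in the directory fails.
    const digest = sha256(fs.readFileSync(realFile));
    if (!allowedDigests.has(digest)) return { allowed: false, reason: 'digest-not-allowed' };
    return { allowed: true, reason: 'ok', path: realFile };
  } catch (err) {
    // Missing file, a directory instead of a file, or any I/O error: fail closed.
    return { allowed: false, reason: 'unreadable' };
  }
}

// Constructed sample layout in a temp directory; the ".node" files are dummy bytes.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'addon-gate-'));
  const blessed = path.join(root, 'blessed');
  fs.mkdirSync(blessed);
  fs.writeFileSync(path.join(blessed, 'good.node'), 'constructed-good-addon');
  fs.writeFileSync(path.join(blessed, 'unlisted.node'), 'constructed-other-addon');
  fs.writeFileSync(path.join(root, 'outside.node'), 'constructed-good-addon');
  fs.symlinkSync(path.join(root, 'outside.node'), path.join(blessed, 'link.node'));
  const allow = new Set([sha256(Buffer.from('constructed-good-addon'))]);
  const check = (p) => checkAddon(p, blessed, allow).reason;
  const results = {
    good: check(path.join(blessed, 'good.node')),
    unlisted: check(path.join(blessed, 'unlisted.node')),
    traversal: check(path.join(blessed, '..', 'outside.node')),
    symlink: check(path.join(blessed, 'link.node')),
    missing: check(path.join(blessed, 'absent.node')),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}
```

The check only holds if the loader then opens the resolved `path` it returns and the directory really is unwritable; otherwise the file could be swapped between the check and the load.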