Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[security] OS-level readwrite sandboxing for filesystem readwrites #180233

Closed
1 of 8 tasks
zm-cttae opened this issue Apr 18, 2023 · 7 comments
Closed
1 of 8 tasks

[security] OS-level readwrite sandboxing for filesystem readwrites #180233

zm-cttae opened this issue Apr 18, 2023 · 7 comments
Assignees
Labels
api feature-request Request for new features or functionality file-io File I/O *out-of-scope Posted issue is not in scope of VS Code
Milestone

Comments

@zm-cttae
Copy link

zm-cttae commented Apr 18, 2023

Problem statement

This feature request is part of an "epic" suggestion in #52116 (comment)
This feature request also replaces (supersedes) #174715

Proposed solution

An OS level transparent sandbox makes more sense (like Chromium does), as it won't require changing the code completely if it doesn't access anything it is not supposed to, or just add the small amount of additional stuff it does need.

Implementation details

This will prevent extensions from modifying system files and other files with semi-locked or locked chmod permissions.

Changes would apply to require("fs") and vscode.workspace.fs.
That way we could officially use /c/Program Files or /usr/bin with native APIs.

Proposed changeset

  • Ban vscode API readwrite access outside VS Code specific folders.
  • At system level, ban fs readwrite access outside VS Code specific folders.
  • Allowlist /c/Program* or /usr/bin (XDG programs) for file I/O ops.
  • Allowlist %USERPROFILE%/Documents or ~/documents (XDG documents) for file I/O ops.
  • Allowlist %ALLUSERSPROFILE% or ~/public (XDG publicshare) for file I/O ops.
  • Allowlist %PATH% files and temporary files directory.
  • Test that file I/O restrictions apply equally to VS Code and Node.js APIs.
  • Pentest in Docker container per Document the security model of VSCode Remote Development vscode-remote-release#6608.
@vscodenpa
Copy link

This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 20 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

@vscodenpa
Copy link

This feature request has not yet received the 20 community upvotes it takes to make to our backlog. 10 days to go. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

@zm-cttae
Copy link
Author

zm-cttae commented Jun 12, 2023

Added a proposed changeset now that this has 20 upvotes! 🥳🎉 please critique or add suggestions

@dudicoco
Copy link

What about network access restrictions?

@zm-cttae
Copy link
Author

Interesting. Do you have any user story or problem statement there?

@dudicoco
Copy link

@zm-cttae yes, an extension could perform malicious actions using network calls:

  1. download a malicious file and run it
  2. send your code over to a malicious actor

@isidorn isidorn added the *out-of-scope Posted issue is not in scope of VS Code label Nov 24, 2023
@vscodenpa
Copy link

We closed this issue because we don't plan to address it in the foreseeable future. If you disagree and feel that this issue is crucial: we are happy to listen and to reconsider.

If you wonder what we are up to, please see our roadmap and issue reporting guidelines.

Thanks for your understanding, and happy coding!

@vscodenpa vscodenpa closed this as not planned Won't fix, can't repro, duplicate, stale Nov 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api feature-request Request for new features or functionality file-io File I/O *out-of-scope Posted issue is not in scope of VS Code
Projects
None yet
Development

No branches or pull requests

5 participants