Comment by jazzyjackson
2 years ago
yea I was recently dismayed to find vscode extensions have full network access and there's no way to prevent it. It's been an open issue since 2018 and not on the roadmap.
2 years ago
yea I was recently dismayed to find vscode extensions have full network access and there's no way to prevent it. It's been an open issue since 2018 and not on the roadmap.
Is that something people really expect of their IDEs these days?
In my mind, an IDE needs to be able to read all the files I can read myself, it needs to be able run arbitary tools like compilers and linkers then run the resulting compiled code, it needs a debugger that can attach to running processes and mess with them, it needs to be able to pull from the language's package repository when you ask it to, it needs to talk to your git server when needed, it needs access to your SSH keys to do that. About the only thing the IDE doesn't need is to run as root - and if you're working with Docker it basically needs that too.
The idea of an IDE with pluggable language support safely running plugins from untrusted sources? I can't imagine how such a thing could even be possible?
Just adding another point of view.
I'm a data scientist, intrinsic to my job is to work with private data that is usually vital to the company or 3rd party, the thought of running any plugins/software from untrusted sources is just insane in this environment.
Basically anything that isn't in the internal repository is a big no, so that rules out the pulling from the language package repository.
Access to the git server is handled at network level outside the workstation, I can only access a few services anyway, not regular internet access, the ssh keys are only valid for a period of time & current project, preconfigured in an image.
Some of us just have different needs.
Having network access from within the IDE so I can use tools that reach out to package managers and remote git servers - yes, of course that is expected behavior.
If I want to install an extension that gives me syntax highlighting and code intelligence for an obscure template language, why should I expect that extension to have unfettered network access to exfiltrate my ptivate files?
Like the dead guy said, when working with private customer data it's just not on the table to take the risk, I am stuck running vanilla vs code.
A different (Visual Studio Code) example that uses network access and runs executables from untrusted sources: embedded development. You have everything from tools like PlatformIO, that manages the toolchain for microcontrollers from multiple vendors; to ESP-IDF, that manages the toolchain for microcontrollers based upon multiple architectures; to Raspberry Pi Pico, which uses the IDE as a simplified installer for their toolchain.
With some compilers leaning on user side, rather than system side, toolchain management (e.g. Rust), I would imagine that plugins managing that would be desirable as well.
Keep in mind, computers are about automation. We should be able to reap the benefits of that automation to the greatest degree possible. Alas, we can't due to bad actors.
Well a permission model is one way, like OSes have. Another is something like elm with controlled effects, so you can just search the source code and see if something is off.
The idea of everything on a system having open net access is going to have to go, not just for this reason but also privacy. It’s kind of amazing it’s still the default everywhere.
Also supply chain attacks are a freight train barreling down the tracks. The gate is down and the crossing bells are dinging but our car is stuck on the tracks.
Ever since the xz thing almost worked every black hat group on the entire planet is trying their hand at this. The days of software dev as a high trust environment are going to be over fast.
> The days of software dev as a high trust environment are going to be over fast.
That's good
Quite tired of being the only one in my org with outbound firewall rules
At our org we run code-server in docker with no network access except pre-allowed DNS, and a white listed squid proxy, due to this.
It works really well for us and prevents potentially bad extensions, python libraries, etc exfilling our code, data, etc.