Comment by Groxx

3 days ago

It is beyond madness and well into "intentionally negligent" to release a plugin system without a permissions model in, like, the last 20 years. Can't believe people aren't up in arms about how wide open vscode and similar things are, particularly now that docker is widespread.

Thanks for building a scanner! I wish it wasn't necessary :/

IDK, I have built a plugin system myself. It is very hard to have a plugin system that is powerful, versatile and sandboxed. Like with anything, you can pick 2. Most of the plugins I use in vscode like prettier, rust analyzer, etc. all need file access and process spawn. So if you sandbox it they would all need max access anyway, which kind of defeats the purpose.

  • There is an enormous amount of space between "it must be written in lua for safety" and "leftpad can upload your entire hard drive and then ransom it back to you".

    Right now we have the latter.

  • Sure, but it would be nice to differentiate the permissions given to rust-analyzer and, say, "TODO Highlight".

  • There's a big difference between max access and giving permission to run a specific binary which itself has no restrictions.

    The difference does matter less when the binary and plugin are produced by the same group or individual though.

  • It’s not entirely unreasonable for VSCode to implement and enforce the same user acceptance controls that are currently ubiquitous on mobile platforms.