Comment by sigmoid10
5 months ago
None of those methods are even remotely reliable for filtering out bad code. See e.g. this excellent write-up on how many methods there are to infect popular repos and bypass common security approaches [1] (including Github "screening"). The only thing that works nowadays is sandbox, sandbox, sandbox. Assume everything may be compromised one day. The only way to prevent your entire company (or personal life) from being taken over is if that system was never connected to anything it didn't absolutely require for running. That includes network access. And regarding separation, even docker is not really safe [2]. VM separation is a bit better. Bare metal is best.
[1] https://david-gilbertson.medium.com/im-harvesting-credit-car...
We're making software that doesn't rely on filtering, but Principle Of Least Authority at runtime.
https://lavamoat.github.io
https://hardenedjs.org
Or writing everything by yourself.
You'd have to write the standard libraries and OS as well. Not that it can't be done, but let's just say that people who tried that did not fare well in the mental health department.
If you don’t trust the standard libraries and the OS, you can’t trust the sandbox either
You don't need to write the whole standard library - just the bits you need.