Am I understanding right that the extension was free to download code from the internet and execute it with enough rights to scan the user's disk? That is wild. Does this mean every company is one bad extension install away from having its entire codebase stolen or worse?
I naively assumed the extensions were 'sandboxed' to some degree.
I also naively thought that IDE extensions were sandboxed until I worked on making extensions myself.
Well, it’s absolutely not and you can access the full filesystem. Which is handy if you are legit, but very permissive & much more a security threat than I imagined.
VSCode on macOS asks me if it can access my Download/Documents/etc folder... and if I trust the files in directory X that I just opened. Yet, extensions can just bypass all those safeguards?
I believe extensions inherit the permissions that the editor has already - so if you've given Cursor or VS Code permission to access a folder any extensions they run later can access it too.
I agree, this seems bad! Sandboxing is still a very weakly implemented craft for most applications, especially those that run extensions or plugins.
(I build a lot of software that runs plugins and has no sandboxing at all, and it really frustrates me. I'm constantly looking out for cross-platform Python-friendly sandboxing tech that might help with this in the future.)
> Sandboxing is still a very weakly implemented craft for most applications
voice of decades past -- sandboxing is very well known and deeply implemented in many aspects of ordinary daily computing; sandboxing is endlessly difficult and can be mis-applied; people who want to break into things and steal and wreak havoc ruin software environments for everyone else.
I’m monitoring this area as well. You’ve probably run across these already but Extism, a polyglot plugin framework, can be hosted in Python [1] and has evolving support for writing plugins in Python [2]. Another option is container2wasm [3].
I actually tried running ClickHouse in container2wasm and it crashed because it only had one CPU core, so YMMV—although that shouldn’t be a problem for Python (or any code custom built for your plugin framework).
For me, I want to avoid separate processes. I definitely want to avoid separate VMs.
Definitely install something like Little Snitch and keep an eye out for the requests that come out of VS Code.
I’ve become very paranoid with extensions as of late. It’s great that LLMs have gotten so good at banging out personal tools. I am using a few home-grown extensions in my own setup.
These systems rely on downloading and executing much more untrusted software than you could ever imagine. Please dig deeper into this for yourself, I think that's the only way for anyone to truly appreciate the mess we are getting ourselves into.
Even with just internet access an extension could upload your entire codebase. Git extensions for example need this level of access by design. How else could you set a different remote and push all refs :)
This is the allure of shipping software with Electron; you get to use your familiar webdev platform, but with all those pesky security constraints gone. I mean, why else wouldn't you just have people use a web page? (OK, you also get easier access to the Start menu.)
Being a developer of an Electron application myself, it's probably accurate to say that Electron is a NodeJS application with APIs for interacting with instances of web renderers which themselves use a fork of Chromium to render HTML content.