Comments (2)
Thank you for the suggestion!
We could restrict the file picker to the workspace root(s), and do the same with the "open file" picker, but this would not really close any security holes as the user will still have access to the files through the command line, extensions, and the debugger.
I think the only way to reliably achieve this is to use a chroot or run code-server in a VM/container. It sounds like you are already running in a container though and I assume you have users and permissions on the directories set up correctly, so is there actually a security risk here?
Duplicate of #600
from code-server.
from code-server.
Related Issues (20)
- About sharing the same extension dir for different sytem platform HOT 1
- code server interactive window takes forever to load HOT 3
- 4.23.1 breaks within selfhosted coder instance HOT 4
- Add --base-path flag for use with absolute proxy
- vscode server existing recall is not working HOT 1
- Can't install remote extensions HOT 14
- Update Code to 1.89 HOT 4
- Support hyperlinks to local/project files with scheme like `vscode://` / `code-oss://` HOT 9
- iPad safari: rust project: click `run` or `debug` button not working HOT 1
- Update Node.js version HOT 1
- Remove the first "code-server" in the window title (in PWA) HOT 3
- Serious Bug HOT 1
- Please Support LoongArch64
- tmLanguage.json changes do not appear without resetting browser cache HOT 2
- Need to restrict copy and paste in vscode
- Version 21 support HOT 1
- Code-server version jumps. HOT 3
- [helm chart] Support emptyDir type volume mounts
- Safari 14 (macOS 11 / iOS 14) no longer able to load vscode interface HOT 8
- Syntax highlighting does not work behind Nginx. HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from code-server.