Open SteveL-MSFT opened 2 months ago
Anywhere that dsc reads a file, we should check that the file and it's containing directory isn't world writable. If so, we should error and not allow as it is not trusted.
dsc
No response
Probably, such strict mode should be opt-in. Otherwise users, who just want to run their configs, will be getting a lot of roadblocks.
strict mode
We can have it opt-out
Summary of the new feature / enhancement
Anywhere that
dsc
reads a file, we should check that the file and it's containing directory isn't world writable. If so, we should error and not allow as it is not trusted.Proposed technical implementation details (optional)
No response