microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote

Disable credential sharing #9466

Open erikschul opened 8 months ago

erikschul commented 8 months ago

I would like to disable credential sharing. I searched the docs but didn't find any setting. Is this possible?

AFAIK, on macOS, credential sharing is automatic: https://code.visualstudio.com/remote/advancedcontainers/sharing-git-credentials

This is problematic, because I wouldn't like the devcontainer to have any credentials.

bamurtaugh commented 8 months ago

Thanks for opening. I wonder if something like `"runArgs": ["--no-creds"]` would help. @chrmarti any thoughts?

erikschul commented 8 months ago

I use Remote/SSH with devcontainers (using remote docker host).

It would be nice to configure it in the devcontainer.json, but this wouldn't work if the file is writeable in the devcontainer (a virus could modify it, to gain privileges on next window reload).

An alternative could be the global settings.json, to deny sharing globally (ssh+devcontainers), and allowlist/denylist for certain devcontainers by name / host by ssh config name. But a devcontainer name could be modified to escalate privileges, although it would require the virus to guess the name.

I don't think runArgs would work, because I frequently use Open this folder in a devcontainer, which opens a new window.

I think the simplest solution is a feature to disable all credential sharing globally (ssh+devcontainers), and not allow local .vscode/settings.json etc. to override it. I'm happy to manually copy/mount credentials where relevant.

chrmarti commented 7 months ago

Git credentials can be controlled in the user settings:

image

SSH and GPG agents are automatically forwarded. You could shut down the local ssh-agent and gpg-agent if you have these to avoid that.
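A read-only check, run inside the dev container, that reports whether the channels named in the comment above (SSH agent, GPG agent, Git credential helper) are reachable from that shell. This is an added example, not part of the thread or of VS Code; it assumes forwarding surfaces through the standard interfaces `SSH_AUTH_SOCK`, the gpg-agent socket reported by `gpgconf`, and Git's `credential.helper` setting, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of credential channels
# visible to the current shell. Run it inside the dev container.

# socket_state PATH -> absent (no path) | stale (path, no socket) | reachable
socket_state() {
    if [ -z "$1" ]; then echo absent
    elif [ -S "$1" ]; then echo reachable
    else echo stale
    fi
}

# helper_state TEXT -> absent | configured (any git credential.helper entry)
helper_state() {
    if [ -n "$1" ]; then echo configured; else echo absent; fi
}

# verdict STATE... -> exposed if any channel is usable, else clean
verdict() {
    for state in "$@"; do
        case "$state" in reachable|configured) echo exposed; return 0 ;; esac
    done
    echo clean
}

audit() {
    ssh_state=$(socket_state "${SSH_AUTH_SOCK:-}")
    # Assumption: gpgconf reports the socket path the container's gpg would use.
    gpg_sock=$(gpgconf --list-dirs agent-socket 2>/dev/null || true)
    gpg_state=$(socket_state "$gpg_sock")
    # --get-all covers system, global and (inside a repository) local scope.
    helpers=$(git config --get-all credential.helper 2>/dev/null || true)
    git_state=$(helper_state "$helpers")

    echo "ssh-agent socket : $ssh_state ${SSH_AUTH_SOCK:-}"
    if [ "$ssh_state" = reachable ]; then
        # ssh-add -l exits 0 only when the agent lists at least one identity.
        if ssh-add -l >/dev/null 2>&1; then echo "  agent holds at least one key"
        else echo "  no usable keys seen (or ssh-add is missing)"; fi
    fi
    echo "gpg-agent socket : $gpg_state $gpg_sock"
    echo "git cred helper  : $git_state $helpers"
    echo "verdict          : $(verdict "$ssh_state" "$gpg_state" "$git_state")"
}

audit
```

A `stale` result means a path is set but no socket exists there, so nothing can be signed through it; `configured` only shows that a helper is set, not which credentials it can return.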

erikschul commented 7 months ago

@chrmarti

Perhaps most people use devcontainers mainly to have a reproducible and shareable development environment, with little concern for security. For example, on GitHub Codespaces, I assume every codespace receives a fully privileged GitHub token?

My use case is distinctly different, in that I would want the codespace to have a very fine-grained token, for example only the ability to modify one specific branch, and open a pull-request.

Therefore, I need a way to entirely disable credential sharing (i.e. tokens and agent forwarding). I'll be happy to be manually responsible for injecting the relevant token and gitconfig.

My request is whether this use case can be supported with minimal effort, e.g. global config to disable it.

cadem commented 5 months ago

> Git credentials can be controlled in the user settings: image
>
> SSH and GPG agents are automatically forwarded. You could shut down the local ssh-agent and gpg-agent if you have these to avoid that.

I have the same problem, but I tried this setting, it doesn't work, and this setting is not designed for this problem. Can the problem of stopping credential sharing be resolved by a setting?

vs-code-engineering[bot] commented 1 month ago

Hey @chrmarti, this issue might need further attention.

@erikschul, you can help us out by closing this issue if the problem no longer exists, or adding more information.

chrmarti commented 1 month ago

Having a single user setting to disable all credential forwarding makes sense. 👍