This repository has been archived by the owner on Feb 17, 2024. It is now read-only.

Decide whether inheriting all environment variables is the right model #167

Open
achille-roussel opened this issue Jul 5, 2023 · 2 comments
Labels
question Further information is requested

Comments

@achille-roussel
Contributor

During the early development of the project, we chose to automatically inherit the environment of the host in guest processes to simplify configuration and have a default that would serve well for fast iteration over the project development.

Now that the project matures, we may want to revisit those early design decisions.

  • Inheriting the environment may be a security risk, especially when executing processes to handle asynchronous tasks in scenarios where the code may come from a third party

  • There is a relationship between [STE-104] sandbox: file system isolation #152 and the notion of a working directory; guest languages such as Go use the PWD environment variable to determine the current working directory and emulate the functionality which typically belongs to the operating system; timecraft could automatically set this variable to the value of the current working directory (see cmd/wasirun: add --env-inherit flag from wazero wasi-go#78 for related context as well)

@achille-roussel achille-roussel added the question Further information is requested label Jul 5, 2023
@chriso
Contributor

chriso commented Jul 5, 2023

For a nice balance of convenience and security, maybe the root process inherits the environment and disk access, but sub-processes that are spawned implicitly to handle tasks do not? The user can opt-out of the default root process access, and opt-in (via application code to spawn tasks) to passing environment variables and exposing parts of the file system?

@achille-roussel
Contributor Author

This seems like a good model to try out 👍
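The model agreed on above (root process inherits the host environment unless the user opts out; implicitly spawned task processes get nothing unless application code opts specific variables in), together with the PWD point from the issue body, can be sketched as one environment-building routine. This is an added illustration, not timecraft's own code: `EnvPolicy`, `GuestKind`, `BuildGuestEnv` and `Lookup` are hypothetical names, and the `/sandbox` working directory and the host variables in the test are constructed sample values.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strings"
)

// GuestKind distinguishes the root process the user starts from the
// sub-processes spawned implicitly to handle asynchronous tasks.
type GuestKind int

const (
	RootProcess GuestKind = iota
	TaskProcess
)

// EnvPolicy is a hypothetical policy struct (not timecraft's own API) that
// encodes the model proposed in the thread: the root process inherits the
// host environment unless the user opts out; task processes receive only
// the host variables that application code explicitly opts in to.
type EnvPolicy struct {
	RootInherits bool     // true by default; the user may opt out
	TaskAllow    []string // host variable names task processes may receive
}

// BuildGuestEnv returns the KEY=VALUE list handed to a guest process.
// host is the host environment in os.Environ() form, workDir is the
// directory the guest sees as its working directory, and explicit holds
// variables the spawning application code set by hand for this guest.
// PWD is always set from workDir so guest runtimes that emulate a working
// directory via PWD (Go, for instance) see the sandbox path, not the host's.
func BuildGuestEnv(p EnvPolicy, kind GuestKind, host []string, workDir string, explicit map[string]string) []string {
	out := map[string]string{}

	switch kind {
	case RootProcess:
		if p.RootInherits {
			for _, kv := range host {
				if k, v, ok := strings.Cut(kv, "="); ok {
					out[k] = v
				}
			}
		}
	case TaskProcess:
		// Default-deny: only names on the allow-list are copied from the host.
		allowed := make(map[string]bool, len(p.TaskAllow))
		for _, k := range p.TaskAllow {
			allowed[k] = true
		}
		for _, kv := range host {
			if k, v, ok := strings.Cut(kv, "="); ok && allowed[k] {
				out[k] = v
			}
		}
	}
	// Values set explicitly by application code are always passed through.
	for k, v := range explicit {
		out[k] = v
	}
	// PWD reflects the sandbox working directory, never the host's.
	out["PWD"] = workDir

	env := make([]string, 0, len(out))
	for k, v := range out {
		env = append(env, k+"="+v)
	}
	sort.Strings(env) // deterministic order makes the result easy to audit
	return env
}

// Lookup returns the value of key in a KEY=VALUE list.
func Lookup(env []string, key string) (string, bool) {
	for _, kv := range env {
		if k, v, ok := strings.Cut(kv, "="); ok && k == key {
			return v, true
		}
	}
	return "", false
}

func main() {
	policy := EnvPolicy{RootInherits: true, TaskAllow: []string{"PATH"}}
	fmt.Println("root:", BuildGuestEnv(policy, RootProcess, os.Environ(), "/sandbox", nil))
	fmt.Println("task:", BuildGuestEnv(policy, TaskProcess, os.Environ(), "/sandbox", map[string]string{"TASK_ID": "42"}))
}
```

The task-process branch is default-deny on purpose: a host secret such as a cloud credential only reaches a task if the application named it, which is the property the issue body is after when third-party code handles tasks. Overriding PWD unconditionally also removes the case where a guest inherits the host's working directory string while its file system view is rooted somewhere else.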


2 participants