I think we are at the point where everyone really needs to run each project in its own vm.
Given the recent lpe vulns docker 100% won’t cut it.
And containers were never meant primarily as a security boundary anyways
I think we are at the point where everyone really needs to run each project in its own vm.
Given the recent lpe vulns docker 100% won’t cut it.
And containers were never meant primarily as a security boundary anyways
QubesOS had the right idea. You want layers and layers of security, with multiple VMs at the root.
See also: https://genode.org/
Also, in addition to isolation and https://en.wikipedia.org/wiki/Capability-based_security between processes, capability security within processes, see languages like E (https://web.archive.org/web/20260506035108/https://erights.o...) or Monte (https://monte.readthedocs.io/en/latest/index.html)
> had the right idea
Is it no longer the right idea?
I mean that in the sense that they had the idea way before the wave of rapid linux 0days and supply chain attacks were common. The design they picked has only become more relevant.
Devcontainers (I know it's not a full VM, but it's most prominent version of this "isolated development environment" concept) wouldn't fully protect you against this. Github credentials are automatically pulled into the container. If you are using other cloud services that need to be accessed within the container, this cred stealer will grab their creds too.
It would limit the blast radius, which at least is an improvement.
This is one reason I have my own dev container script. And the container pulls nothing in except whatever I explicitly put in my .podman folder. It runs without any GitHub access at all. I do all of that from the host machine.
Or a vm per container, if you insist on containers. I've have a couple of relaxed weeks recently due to running everything on VMs rather than some random Kubernetes service.
Luckily, projects using more secure language ecosystems like C and C++ are spared this kind of problems :-)
No, instead the code that isn't from a dependency is what will cause you to get pwned
I think you missed the joke/sarcasm there.
It's been less than a month since I responded to a comment on a different thread arguing basically the same thing about C/C++ in a serious way. I've long since lost the ability to distinguish.
Fair, I'm in fact not 100% sure it's a joke. But there's a smiley, that's pushing me to 90%.
The virus fest of the 90s would like a word with you and your C
you can't get infected through the package manager if your language doesn't have a package manager :) turns out C and C++ were playing 4D chess all along
[dead]
it's not going to help if you share a cache across security boundaries. That is what happened here and seems to be driving a spate of github action related problems.