Hi,
Maybe I'm a bit paranoid, but I just tried out the new GetBundles and GitHub integration. I like the idea (that it dynamically finds GitHub projects).
I'm just worried about the security implications. Does TextMate sandbox bundles? I mean, technically speaking, GetBundles lets you download unknown bundles which can execute arbitrary code on my machine.
I'm also inspired by the GitHub/TextMate solution and would like to use a similar interface for downloading script modules in my app. I'm just hoping there's a good way to secure them.
Thanks so much! -Geoff
On 23.12.2008, at 13:53, Geoffrey Hutchison wrote:
> I'm just worried about the security implications. Does TextMate sandbox bundles? I mean, technically speaking, GetBundles lets you download unknown bundles which can execute arbitrary code on my machine.
This is a good point. As far as I know TextMate doesn't sandbox any downloaded bundle. I guess it would be very complicated to do so.
The only way to verify bundles I see is that the entire TextMate community is aware of it, meaning if there's a security issue with a given bundle, each user who encountered it will post a message to that list or leave a message in the IRC channel immediately.
Then the user should be logged in as a 'normal' user (i.e. no admin rights) to minimize the danger of executing hazardous code.
I do not know if TM2 will be able to handle this security issue, but this is an overall problem of downloading any app from the net.
I've been using TextMate for years and I did not encounter any security problem (only one evil (tongue-in-cheek) "joke" in that mailing list).
--Hans
On Tue, Dec 23, 2008 at 1:53 PM, Geoffrey Hutchison <geoff@geoffhutchison.net> wrote:
> technically speaking, GetBundles lets you download unknown bundles which can execute arbitrary code on my machine.
Remember, you are downloading code from public code repositories, where you can
a) check the code for security issues
b) identify the creator and report those issues
I think if somebody were to include malicious code in a bundle, it would be kicked out of the community quite fast...
On the other hand, code does not always work as expected and yes, there is a risk some script running out of control ends up erasing your whole hard disk... But I think we've done a pretty good job until now (meaning: all stuff in edge is pretty well tested before it gets out in a public release : )
Me, I'd rather have an open space, nicely gardened by volunteers than a walled sandbox.
Just my 0.02