top | item 42980081

(no title)

ajsharp | 1 year ago

This is the relevant part:

> The agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can:

- Wander around the filesystem - Edit arbitrary files - Launch its own shell PTY processes - Persist itself

When you ssh into a remote server as a client, afaik that server cannot execute arbitrary code on the client. At a minimum, the client would have to explicitly take action for that to happen.

discuss

KTibow|1 year ago

Is that to say that the server can do things on the client connecting to the server? That doesn't make much sense.

retsl|1 year ago

"For VS Code remote, the VS Code server is in the same trust boundary as the VS Code client. [...]

For Remote SSH: [...] A compromised remote could use the VS Code Remote connection to execute code on your local machine."

https://github.com/microsoft/vscode-remote-release/issues/66...

I wrote about it in a bit more detail a month ago because it seems to be a common misunderstanding: "VS Code Remote Dev and Dev Containers are not security boundaries" https://lets.re/blog/vscode-remote-dev/

Maxious|1 year ago

That's what makes this blog post worthy

unknown|1 year ago

[deleted]

inetknght|1 year ago

> When you ssh into a remote server as a client, afaik that server cannot execute arbitrary code on the client.

...assuming you have X11 forwarding disabled and/or don't have X11 server running on the same system that your client is running on.

yjftsjthsd-h|1 year ago

I'm pretty sure X11 forwarding is opt-in, not opt-out? That is, if you don't run `ssh -X` or -Y then this isn't a problem

awwaiid|1 year ago

If I have X11 forwarding on, what can Evil apps do? Launch UI for sure. Screenshots? I imagine so. What else? Send keyboard events, which would be game over?

khana|1 year ago

[deleted]