by franga2000 1814 days ago
There is a third approach, which is both safe and convenient, but unfortunately it's not universal and well supported on modern systems - segregation. The vast majority of applications don't actually need access to your operating system. My entire development environment for each project I work on could run in its own container or even VM and I'd simply connect my interface into it.

Builds, tests and the app itself could easily run inside a container - web apps can simply expose a TCP port and GUI apps can use X forwarding or the platform equivalent. Other programs that need external devices (like a serial connection to an MCU) could have those and only those passed in.

And if we're even more paranoid and worried about code exploiting our editor and tools, the editor could also be just a simple thin client with all the linters, language servers and everything else running in the container. For VS Code, this already exists for cloud development services (Che, etc.).

1 comments

This makes sense. Remote-Containers (without bind-mounted volumes) or Codespaces may help here.
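As an added example (not code from either commenter), the segregation described in this thread can be checked after the fact: the sketch below audits `docker inspect` output for the ways a development container can still reach into the host, namely bind mounts, host namespaces, privileged mode, and devices outside an allowlist. The container name, volume name, paths and the `audit_isolation` helper are assumptions made for illustration; the JSON is a constructed sample.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output (trimmed).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/proj-dev",
  "HostConfig": {
    "Privileged": false,
    "NetworkMode": "bridge",
    "PidMode": "",
    "Devices": [
      {"PathOnHost": "/dev/ttyUSB0", "PathInContainer": "/dev/ttyUSB0", "CgroupPermissions": "rwm"},
      {"PathOnHost": "/dev/kvm", "PathInContainer": "/dev/kvm", "CgroupPermissions": "rwm"}
    ]
  },
  "Mounts": [
    {"Type": "volume", "Name": "proj-src", "Source": "/var/lib/docker/volumes/proj-src/_data", "Destination": "/workspace"},
    {"Type": "bind", "Source": "/home/dev/.ssh", "Destination": "/root/.ssh"}
  ]
}]
""")

def audit_isolation(inspect_doc, allowed_devices=frozenset()):
    """Return (container, kind, detail) findings where host access exceeds what was granted."""
    findings = []
    for c in inspect_doc:
        name = c.get("Name", "?").lstrip("/")
        host = c.get("HostConfig") or {}
        if host.get("Privileged"):
            findings.append((name, "privileged", "runs with --privileged"))
        # Sharing a host namespace removes the boundary the container is meant to provide.
        for key in ("NetworkMode", "PidMode", "IpcMode"):
            if host.get(key) == "host":
                findings.append((name, "host-namespace", f"{key}=host"))
        # Named volumes stay inside Docker's storage; bind mounts expose host paths.
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind":
                findings.append((name, "bind-mount", f"{m.get('Source')} -> {m.get('Destination')}"))
        # "Those and only those" devices: anything not on the allowlist is reported.
        for d in host.get("Devices") or []:
            if d.get("PathOnHost") not in allowed_devices:
                findings.append((name, "device", d.get("PathOnHost")))
    return findings

if __name__ == "__main__":
    for f in audit_isolation(SAMPLE_INSPECT, allowed_devices={"/dev/ttyUSB0"}):
        print(*f, sep="\t")
```

On a real host the input would come from `docker inspect` piped into `json.load`, with the allowlist set per project.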