https://bugs.kde.org/show_bug.cgi?id=443590
Bug ID: 443590
Summary: There's no way with LSP client plugin to avoid
language server in untrusted projects
Product: kate
Version: 21.08.1
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Some language servers / ecosystems run unsandboxed code by default. One example
here is Rust's RLS and rust-analyzer servers because compiling dependencies may
require calling build scripts or procedural macros. A malicious developer can
create a repository that, when a language server is started for it, executes
arbitrary malicious code on the developer's machine without any sandbox (or,
best case, in Kate's sandbox if there's one).
At the moment there's no nice way to use language server in trusted projects,
but still be able to open a random cloned repository with Kate without this
risk. Ideally a user should be able to open projects as untrusted by default,
and only enable the language server if they mark the project as trusted.
Notably, this mark should be local so that a malicious repository cannot mark
itself trusted.
--
You are receiving this mail because:
You are watching all bug changes.
