Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow defining what file system permissions a package may have access to. #51878

Closed
ghost opened this issue Mar 23, 2022 · 2 comments
Closed

Comments

@ghost
Copy link

ghost commented Mar 23, 2022

In light of the node-ipc malware, I am now worried about what code packages may secretly inject into my software. Of course there is always some element of trust required with module dependencies, but at the same time, no one has time to review every single update to every single module they use in their project to make sure nothing malicious has occurred.

Recommend a go.mod or similar file that allows defining if network and/or file access is permitted.

@mengzhuo
Copy link
Contributor

OS has offer "file permission" as for the node-ipc incident is what you WILL get by using dymanic language.
It's unlikely happend around Go ecosystem since most of Go programe/module are distributed by source code and you have to compile them by yourself.

Unlike other projects, we do not use the issue tracker for questions such as these. It is only used for bugs and feature proposals. I will close this issue and please visit https://github.com/golang/go/wiki/Questions.

@ALTree
Copy link
Member

ALTree commented Mar 23, 2022

Some discussion in #50632 (comment).

@golang golang locked and limited conversation to collaborators Mar 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants