You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 17, 2024. It is now read-only.
During the early development of the project, we chose to automatically inherit the environment of the host in guest processes to simplify configuration and have a default that would serve well for fast iteration over the project development.
Now that the project matures, we may want to revisit those early design decisions.
Inheriting the environment may be a security risk, especially when executing processes to handle asynchronous tasks in scenarios where the code may come from a third party
There is a relationship between [STE-104] sandbox: file system isolation #152 and the notion of a working directory; guest languages such as Go use the PWD environment variable to determine the current working directory and emulate the functionality which typically belongs to the operating system; timecraft could automatically set this variable to the value of the current working directory (see cmd/wasirun: add --env-inherit flag from wazero wasi-go#78 for related context as well)
During the early development of the project, we chose to automatically inherit the environment of the host in guest processes to simplify configuration and have a default that would serve well for fast iteration over the project development.
Now that the project matures, we may want to revisit those early design decisions.
Inheriting the environment may be a security risk, especially when executing processes to handle asynchronous tasks in scenarios where the code may come from a third party
There is a relationship between [STE-104] sandbox: file system isolation #152 and the notion of a working directory; guest languages such as Go use the
PWDenvironment variable to determine the current working directory and emulate the functionality which typically belongs to the operating system; timecraft could automatically set this variable to the value of the current working directory (see cmd/wasirun: add --env-inherit flag from wazero wasi-go#78 for related context as well)