code-server
Is there a way to disable the terminal?
Hi. I was wondering if it was possible to disable the terminal. This would involve both removing it from the UI and preventing terminal requests from being processed by the server. Or if you could direct me to the part of the code where terminal requests are handled, that would be helpful. I've been looking at the code for a few days now, but am finding the execution flow very difficult to follow. Thx.
There's no way to disable it at the moment so we'd need to add it.
The terminal requests are handled via the extension host protocol. The server-side implementation is in lib/vscode/src/vs/workbench/api/node/extHostTerminalService.ts so maybe we could just throw errors if those methods are called and terminals are disabled.
Terminals are used for debugging as well so doing this will also disable debugging.
In terms of the UI, I think it might be better to leave everything in and show a message when trying to access the disabled functionality. Something like "terminals have been disabled", just to prevent anyone from thinking the missing terminals are a bug or something like that, especially if they're familiar with VS Code already.
For the terminal we can write a message in lib/vscode/src/vs/workbench/contrib/terminal/browser/terminalInstance.ts by adding an xterm.write("message").
You might have already considered this, but just in case, you'll also probably need to disable installing new extensions (or whitelist extensions in some way) and make the extensions directory read-only (or restrict the file picker, see https://github.com/cdr/code-server/issues/1834) so users can't add an extension that just bypasses all this and gives them access to run commands on the system.
Depending on your goal it might be easier to run code-server in some kind of jail but I think we plan on doing this for collaboration eventually anyway (we'd disable all the "dangerous" stuff for the guests) so it wouldn't be bad to get a start on it.
Any updates?
No work has been done here yet.
Regarding the security aspect, also consider the VS Code tasks system, Git hooks, and probably a lot more. The attack surface here is extremely large.
Any updates?
No updates. For now it's still in the backlog and I think it's unlikely we will get to it any time soon.
Any update?
No, the issue is still on the backlog.
If someone picks this up here are some investigation notes: https://github.com/coder/code-server/discussions/6138#discussioncomment-5585235
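
An audit sketch for the other command-execution surfaces named in the thread above (a writable extensions directory, VS Code tasks, Git hooks). This is an added example, not part of the original discussion or of code-server; the function names, the finding labels and the sample tree are constructed for illustration, and `runOptions.runOn: "folderOpen"` is the VS Code task setting that starts a task when a folder is opened.

```python
import json, os, tempfile
from pathlib import Path

def classify_tasks(path):
    # tasks.json may carry comments (JSONC); report unparsable files for manual review.
    try:
        doc = json.loads(path.read_text())
    except ValueError:
        return ("tasks-unparsed", str(path))
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    auto = any(isinstance(t, dict) and isinstance(t.get("runOptions"), dict)
               and t["runOptions"].get("runOn") == "folderOpen" for t in tasks)
    return ("tasks-run-on-folder-open" if auto else "tasks-present", str(path))

def audit(workspace, extensions_dir):
    """Return (kind, path) findings for command-execution paths besides the terminal."""
    findings = []
    ext = Path(extensions_dir)
    # Any write bit means an extension could still be dropped into the directory.
    if ext.is_dir() and ext.stat().st_mode & 0o222:
        findings.append(("extensions-dir-writable", str(ext)))
    for root, dirs, _files in os.walk(workspace):
        here = Path(root)
        if (here / ".vscode" / "tasks.json").is_file():
            findings.append(classify_tasks(here / ".vscode" / "tasks.json"))
        hooks = here / ".git" / "hooks"
        for hook in sorted(hooks.iterdir()) if hooks.is_dir() else []:
            # Git runs only executable hooks; the shipped *.sample files are inert.
            if hook.is_file() and hook.suffix != ".sample" and hook.stat().st_mode & 0o111:
                findings.append(("git-hook-executable", str(hook)))
        if ".git" in dirs:
            dirs.remove(".git")  # already inspected; skip object storage
    return findings

def build_sample(root):
    """Constructed sample tree (not from the thread): a workspace and an extensions dir."""
    ws, ext = Path(root, "ws"), Path(root, "extensions")
    for d in (ws / ".vscode", ws / ".git" / "hooks", ext):
        d.mkdir(parents=True)
    task = {"label": "demo", "type": "shell", "command": "true", "runOptions": {"runOn": "folderOpen"}}
    (ws / ".vscode" / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [task]}))
    for name in ("pre-commit", "pre-push.sample"):
        (ws / ".git" / "hooks" / name).write_text("#!/bin/sh\n")
        (ws / ".git" / "hooks" / name).chmod(0o755)
    return ws, ext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit(*build_sample(tmp)), sep="\n")
```

It covers only the three surfaces the thread names; a hooks directory relocated through Git's `core.hooksPath` setting is not inspected.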