live-share icon indicating copy to clipboard operation
live-share copied to clipboard
verified publisher icon microsoft

liveshare.languages.allowGuestCommandControl can be written by a guest to a workspace settings.json to enable control, circumventing the host enabling it

Open devzeebo opened this issue 2 years ago • 3 comments

Describe what happened:

What was your system configuration? Live Share Extension Version: 1.0.5883

Version: 1.82.2 (user setup) Commit: abd2f3db4bdb28f9e95536dfa84d8479f1eb312d Date: 2023-09-14T05:55:25.390Z Electron: 25.8.1 ElectronBuildId: 23779380 Chromium: 114.0.5735.289 Node.js: 18.15.0 V8: 11.4.183.29-electron.0 OS: Windows_NT x64 10.0.22621

Steps to Reproduce / Scenario:

  1. Join a live share session as a guest
  2. Create or open the workspace's .vscode/settings.json
  3. Add "liveshare.languages.allowGuestCommandControl": true
  4. Save the file
  5. You can now run Quick Fixes as the guest user

Please attach logs to this issue: You can access them via the Live Share: Export Logs command from the command palette (ctrl + shift + p) and attach them to this issue

Screenshots If applicable, add screenshots to help explain your problem.

devzeebo avatar Sep 22 '23 15:09 devzeebo

Good afternoon!

My team recently ran into this as well but we added a .vsls.json file in our workspace to prevent folks from seeing or editing the .vscode/settings.json file per this.

Below is the contents of that file:

{
  "$schema": "http://json.schemastore.org/vsls",
  "gitignore": "exclude",
  "excludeFiles": [".gitignore", ".vscode/settings.json", "!node_modules"],
  "hideFiles": [".gitignore"]
}

blabute avatar Jun 04 '24 19:06 blabute