mashin
mashin copied to clipboard
Published
20 hours ago •
nutshimit
nutshimit
Permissions
Is there an existing issue?
- [X] I have searched the existing issues
Motivation
We need to do some research and POC on whats the best solution to limit the cdylib
The engine restricts access to all external resources, such as environment variables and the file system. To grant access to a specific resource, users must explicitly allow it using command-line flags.
Request
For example, to access an environment variable, the user must use the --allow-env=VARIABLE_NAME flag:
mashin run --allow-env=AWS_API_KEY https://mashin.land/test/create_namespace.ts
Similarly, to access the file system, users must use the --allow-read and --allow-write flags, specifying the paths they want to grant read or write access to:
mashin run --allow-read=/path/to/config --allow-write=/path/to/output https://mashin.land/test/create_namespace.ts
This permission system significantly reduces the risk of data leakage and ensures that the execution environment remains secure and controlled.
Solution
No response
Are you willing to help with this request?
Yes!
