undefined | Better HN

0 pointsmcoliver1y ago0 comments

There are plenty of worlds that take security more seriously and practice defense in depth. Your response could use a little less hubris and a more genuinely inquisitive tone. Looks like others have already chimed in here but to respond to your (what feels like sarcasm) questions:

- You can have a submission process that accepts a package or downloads dependencies, and then passes it to another machine that is on an isolated network for code execution / build which then returns the built package and logs to the network facing machine for consumption.

Now sure if your build machine is still exposing everything on it to the user supplied code (instead of sandboxing the actual npm build/make/etc.. command) you could insert malicious code that zips up the whole filesystem, env vars, etc.. and exfiltrates them through your built app in this case snagging the secrets.

I don't disagree that the secrets on the build machine were the big miss, but I also think designing the build system differently could have helped.

0 comments

TheDong1y ago

You have to meet your users where they are. Your users are not using nix and bazel, they're using npm and typescript.

If your users are using bazel, it's easy to separate "download" from "build", but if you're meeting your users over here where cows aren't spherical, you can't take security that seriously.

Security doesn't help if all your users leave.

jasonkester1y ago

The simple solution would be to check your node-modules folder into source control. Then your build machine wouldn’t need to download anything from anywhere except your repository.

j / k navigate · click thread line to collapse