http://www.woodensquares.net/posts/rationale.html
Set up a Kubernetes cluster from scratch on a set of CoreOS Xen guests, with flannel, RBAC, TLS etc.
http://www.woodensquares.net/posts/xen-1.html
Something like Little Snitch can protect against something POSTing your key vault or other sensitive data somewhere. SSH/GPG keys can be put on a token, but what else can you do besides running everything in Docker or in a VM and having to pay the performance overhead?
It would be nice if it were possible to run a space as a different "sub user" with no permission on the master user's files (maybe done via screen sharing to localhost?) and/or to be able to assign folder/file access permissions on a whitelist/blacklist basis per process, for example.
I personally have ended up separating all my documents and important browsing (banking etc.) to a separate computer I ONLY use for that (with separate browser profiles too; I wish you could run firejail on Mac, btw), but it would be nice if there were a way to improve the situation for cases where that is not possible.
For example, Doom Emacs is predicated on using specific commits, and not head versions, of plugins, and in vim/neovim it's easy to achieve using, say, minpac (although extensions like CoC in vim would be more problematic, of course).
These days, having to work in Java, I am using IntelliJ quite a bit, but plugins in IntelliJ are basically compiled Java applications that can do anything and do not seem to be sandboxed in any way (I have not found any discussions about plugin sandboxing/permissions when searching, but given the plugins available it seems that is not happening). I have been considering switching to VSCode for its remote functionality, but given that its extensions are basically arbitrary JavaScript, also with huge amounts of dependencies, it makes me a bit uneasy. VSCode has had a GitHub issue open about sandboxing/permissions for a significant amount of time, but it does not seem to have been implemented yet. This is a bit surprising because I would've thought that an Electron-based editor would at least have a "plugins can only access editor buffers / cannot open network connections" kind of permissions.
What do you do / what do you feel comfortable with in your day-to-day life? Not use plugins at all? Use plugins only made by the editor developer (Microsoft/JetBrains, although of course you're still exposed to dependency security issues)? Use other plugins, say, while firewalling the editor (via Little Snitch)? Only ever manually install plugins and never auto-update them after building them yourself from source? And does your company have any security policies about this?
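The pinning practice mentioned above (plugins checked out at specific commits rather than whatever head currently is) is only useful if something actually verifies that the installed checkouts still match the pins. The script below is an added example, not code from the discussion or from any editor or plugin manager: it reads a constructed lockfile of plugin names and pinned commits, inspects each installed plugin directory's `.git/HEAD` directly (no git binary needed), and reports drift, missing plugins, lockfile entries that pin a branch instead of a commit, and plugin directories that are not in the lockfile at all. The lockfile layout, the plugin names and the `example.invalid` repository URLs are all assumptions made for the demo.

```python
"""Verify installed editor plugins sit at their lockfile-pinned commits.

Added example. Assumes each plugin is a git checkout in its own directory
under a plugin root; the lockfile format is a constructed one.
"""
import json
import os
import re
import tempfile

SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def read_head_commit(repo_dir):
    """Return the full commit hash a checkout is at, or None if unreadable."""
    git_dir = os.path.join(repo_dir, ".git")
    try:
        with open(os.path.join(git_dir, "HEAD")) as f:
            head = f.read().strip()
    except OSError:
        return None
    if SHA_RE.match(head):
        return head  # detached HEAD: what a commit-pinned checkout looks like
    if not head.startswith("ref: "):
        return None
    ref = head[len("ref: "):]
    try:  # loose ref file, e.g. .git/refs/heads/master
        with open(os.path.join(git_dir, ref)) as f:
            sha = f.read().strip()
        return sha if SHA_RE.match(sha) else None
    except OSError:
        pass
    try:  # fall back to packed-refs
        with open(os.path.join(git_dir, "packed-refs")) as f:
            for line in f:
                if line.startswith(("#", "^")):
                    continue
                parts = line.split()
                if len(parts) == 2 and parts[1] == ref and SHA_RE.match(parts[0]):
                    return parts[0]
    except OSError:
        pass
    return None


def check_plugins(plugin_root, lockfile):
    """Map plugin name -> ok | drifted | missing | unpinned-entry | unlisted."""
    results = {}
    for entry in lockfile["plugins"]:
        name, pinned = entry["name"], entry.get("commit", "")
        if not SHA_RE.match(pinned):
            results[name] = "unpinned-entry"  # a branch/tag name is not a pin
            continue
        actual = read_head_commit(os.path.join(plugin_root, name))
        if actual is None:
            results[name] = "missing"
        else:
            results[name] = "ok" if actual == pinned else "drifted"
    listed = {e["name"] for e in lockfile["plugins"]}
    for d in sorted(os.listdir(plugin_root)):  # anything installed but unreviewed
        if d not in listed and os.path.isdir(os.path.join(plugin_root, d)):
            results[d] = "unlisted"
    return results


def _make_fake_checkout(root, name, head_content, ref_sha=None):
    """Write a minimal .git layout (constructed for the demo, not a real clone)."""
    git_dir = os.path.join(root, name, ".git")
    os.makedirs(os.path.join(git_dir, "refs", "heads"))
    with open(os.path.join(git_dir, "HEAD"), "w") as f:
        f.write(head_content + "\n")
    if ref_sha:
        with open(os.path.join(git_dir, "refs", "heads", "master"), "w") as f:
            f.write(ref_sha + "\n")


def demo():
    """Run the check against a constructed plugin tree and return the results."""
    good, other = "a" * 40, "b" * 40
    root = tempfile.mkdtemp()
    _make_fake_checkout(root, "pinned-plugin", good)  # detached at the pin
    _make_fake_checkout(root, "drifted-plugin", "ref: refs/heads/master", other)
    os.makedirs(os.path.join(root, "stray-plugin"))  # installed, not in lockfile
    lockfile = {"plugins": [  # constructed lockfile; URLs are placeholders
        {"name": "pinned-plugin", "repo": "https://example.invalid/p", "commit": good},
        {"name": "drifted-plugin", "repo": "https://example.invalid/d", "commit": good},
        {"name": "absent-plugin", "repo": "https://example.invalid/a", "commit": good},
        {"name": "floating-plugin", "repo": "https://example.invalid/f", "commit": "master"},
    ]}
    return check_plugins(root, lockfile)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it as a pre-launch hook or a periodic check turns "I pinned my plugins once" into a standing property: a plugin that auto-updated, a lockfile entry that quietly pins `master`, or an extra directory someone dropped into the plugin folder all show up as non-`ok` rows.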