Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't start the extension host in debug mode by default #82296

Closed
roblourens opened this issue Oct 10, 2019 · 1 comment
Closed

Don't start the extension host in debug mode by default #82296

roblourens opened this issue Oct 10, 2019 · 1 comment
Assignees
@roblourens
Labels
bug Issue identified by VS Code Team member as probable bug verified Verification succeeded
Milestone
September 2019 Re...

Comments

@roblourens
Copy link
Member

roblourens commented Oct 10, 2019
edited by kieferrm
Loading

We start the extension host in debug mode at launch to support easy profiling and debugging it. This was reported as a potential vulnerability . Thanks to Francesco Soncina (MSRC 53814) and Tavis Ormandy (MSRC 54281).

This issue is already fixed in Insiders, but it depends on Electron 6 so we are preparing a simpler fix for stable.

The fix prevents the extension host from starting in debug mode by default. It will only start in debug mode if explicitly opted-in to with the --inspect-extensions flag. This flag is set for extension host debugging, auto profiling, and profiling/debugging through the "Show Running Extensions" page. EH debugging will work as normal, and the others will prompt the user to restart VS Code, and the EH will be started in debug mode.
@roblourens roblourens added this to the September 2019 Recovery milestone Oct 10, 2019
@roblourens
Copy link
Member Author

Fixed in 7f87a64

@roblourens roblourens self-assigned this Oct 10, 2019
@roblourens roblourens added bug Issue identified by VS Code Team member as probable bug verified Verification succeeded labels Oct 10, 2019
@cyfrost cyfrost mentioned this issue Oct 11, 2019
Closed
@vscodebot vscodebot bot locked and limited conversation to collaborators Nov 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@roblourens roblourens

Labels
bug Issue identified by VS Code Team member as probable bug verified Verification succeeded
Projects
None yet
Milestone
September 2019 Recovery
Development

No branches or pull requests
1 participant
@roblourens