Skip to content

security: release v1.14.6 with SEC-200 scope hardening#966

Open
EhabY wants to merge 1 commit into
release/v1.14.6from
security/scope-hardening-sec-200-1.14.6
Open

security: release v1.14.6 with SEC-200 scope hardening#966
EhabY wants to merge 1 commit into
release/v1.14.6from
security/scope-hardening-sec-200-1.14.6

Conversation

@EhabY
Copy link
Copy Markdown
Collaborator

@EhabY EhabY commented May 19, 2026

Summary

Cuts v1.14.6 off the v1.14.5 tag with the SEC-200 fix for users on the stable channel. The same change is being delivered on main in a separate PR.

Closes the SEC-200 attack path where a malicious .vscode/settings.json could override security-sensitive Coder settings — most notably the two command-execution settings (coder.headerCommand, coder.tlsCertRefreshCommand) called out in the original report.

The fix is metadata-only: each affected setting gets "scope": "machine". VS Code itself drops workspace and folder values for machine-scoped settings, so the malicious workspace value never reaches our code. No runtime guard is needed.

This PR also relaxes the release workflow so this release branch can publish without being merged into main first.

Why machine and not window (the default)

VS Code's default scope is window, which means workspace and folder settings.json can override the user setting. That's precisely the SEC-200 attack vector. Any setting whose value can cause command execution, redirect network traffic, swap credentials, or substitute the CLI binary must not be controllable by a project file — only by the user who installed the extension.

Why machine and not application

Both application and machine block workspace/folder overrides, so both close SEC-200. The differences:

Scope Settable in Synced via Settings Sync? Per-machine override
application User settings only Yes No
machine User OR per-machine remote settings No Yes

We pick machine because most of these settings are inherently machine-specific:

  • OS-dependent shell strings — a Windows cmd.exe /c … headerCommand would sync over to a Mac via Settings Sync (application) and silently break.
  • Filesystem pathsbinaryDestination, tlsCertFile, tlsKeyFile, tlsCaFile, proxyLogDirectory are absolute paths that differ per machine.
  • Network configproxyBypass, tlsAltHost depend on the local network environment.

machine keeps the security guarantee while letting per-machine values stay per-machine, including via VS Code's Remote SSH user-level settings.

Settings updated

Setting Scope Why it's sensitive
coder.headerCommand machine Runs an external shell command (SEC-200)
coder.tlsCertRefreshCommand machine Runs an external shell command (SEC-200)
coder.binarySource machine URL the Coder CLI is downloaded from
coder.binaryDestination machine Filesystem path of the executed CLI binary
coder.disableSignatureVerification machine Toggles CLI signature verification
coder.enableDownloads machine Force-enables downloads in restricted environments
coder.sshFlags machine SSH flags accept -o ProxyCommand=… (exec)
coder.globalFlags machine Flags applied to every CLI invocation
coder.tlsCertFile machine TLS client certificate path
coder.tlsKeyFile machine TLS client key path
coder.tlsCaFile machine TLS CA path (workspace-controlled CA → MITM)
coder.tlsAltHost machine Hostname override for TLS verification
coder.insecure machine Disables TLS host verification
coder.proxyLogDirectory machine Arbitrary write path
coder.proxyBypass machine Routes traffic around the proxy
coder.defaultUrl machine Default Coder deployment URL
coder.autologin machine Combined with defaultUrl could auto-login elsewhere
coder.useKeyring machine Credential-storage preference

Already machine: coder.sshConfig.

CI change

Drops the Verify tag is on main step from .github/workflows/release.yaml so this release/v1.14.6 branch can publish a tagged release without first being merged into main. The same change lands on main in the companion PR.

Companion PR

The same scope-hardening change is being delivered against main separately (under ## Unreleased).

Release plan

After merge:

  1. Tag v1.14.6 on the merged commit at the tip of release/v1.14.6.
  2. The release workflow packages the extension and publishes to the Marketplace + OpenVSX.

Test plan

  • pnpm typecheck — clean on the equivalent main branch (this branch's source matches v1.14.5 unchanged; only package.json metadata fields and CHANGELOG are touched).
  • pnpm test — 1670 passed / 1 skipped on the equivalent main branch with identical scope changes.
  • Manual: open a workspace with a .vscode/settings.json setting coder.headerCommand; confirm VS Code reports it as unsettable at workspace scope and the value is ignored.
  • Manual: install the packaged .vsix and confirm a user-level coder.headerCommand still works.

@EhabY
security: tighten configuration scope for SEC-200 (v1.14.6)
3852144 
Mark security-sensitive settings as `scope: "machine"` so workspace and
folder `settings.json` can no longer override them. This closes a path
where a malicious workspace could redirect command execution
(`coder.headerCommand`, `coder.tlsCertRefreshCommand`), swap the CLI
binary or its source, inject CLI/SSH flags, substitute TLS material,
or override identity and credential-storage settings.

Bump to v1.14.6 and add the corresponding CHANGELOG entry. Also drop
the release-workflow gate that required tags to come from `main` so a
fix can be cut from a release branch.
@EhabY EhabY requested a review from jdomeracki-coder May 19, 2026 15:45
@EhabY EhabY self-assigned this May 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdomeracki-coder jdomeracki-coder Awaiting requested review from jdomeracki-coder

Assignees

@EhabY EhabY

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EhabY