This may only provide a flalse sense of security. Afaik, there is no way to disa... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		StingyJelly 45 days ago \| parent \| context \| favorite \| on: Threat actors expand abuse of Microsoft Visual Stu... This may only provide a flalse sense of security. Afaik, there is no way to disable workspace settings taking priority over user settings, so a malious repo can easily override them and reenable automatic tasks.

Tyriar 45 days ago [–]

Various settings are `restricted` in the codebase to only use them when the workspace is trusted. `allowAutomaticTasks` is one such setting: https://github.com/microsoft/vscode/blob/f7730c409e14af94d75...

So a malicious repo can easily override it... if you say you trust it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact