Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite win-ca.ts in Go for Electron Sandboxing Compatibility #5637

Closed
Tracked by #4580
rak-phillip opened this issue Oct 3, 2023 · 0 comments · Fixed by #5912
Closed
Tracked by #4580

Rewrite win-ca.ts in Go for Electron Sandboxing Compatibility #5637

rak-phillip opened this issue Oct 3, 2023 · 0 comments · Fixed by #5912
Assignees
@mook-as
Labels
kind/quality quality improvements, refactoring, Automation via CI, E2E, Integration, CLI or REST API platform/windows priority/1 Work should be fixed for next release
Milestone
1.12

Comments

@rak-phillip
Copy link
Contributor

rak-phillip commented Oct 3, 2023
edited by mook-as
Loading

After the release of Electron version 20.3.8, a sandboxing feature was introduced to improve security. This sandboxing feature restricts access to memory using pointers, which impacts libraries that rely on direct memory access, such as ref-napi used by ffi-napi. As a result, Electron applications can crash when interacting with these libraries 1.

We've addressed the sandboxing issue in #5620 by utilizing the node TLS module2, but this approach can lead to regressions in highly secured environments. We need to address the sandboxing issue in such a way so that existing behavior will not regress in Rancher Desktop.

Proposed Solution

  • Rewrite win-ca.ta in Go

Footnotes

  1. https://www.electronjs.org/blog/v8-memory-cage

  2. https://nodejs.org/api/tls.html#tlsrootcertificates

This was referenced Oct 3, 2023
Closed
Closed
@rak-phillip rak-phillip added this to the 1.12 milestone Oct 3, 2023
@rak-phillip rak-phillip added the kind/quality quality improvements, refactoring, Automation via CI, E2E, Integration, CLI or REST API label Oct 3, 2023
@rak-phillip rak-phillip changed the title Migrate win-ca.ts to Go Rewrite win-ca.ts in Go for Electron Sandboxing Compatibility Oct 3, 2023
@jandubois jandubois mentioned this issue Oct 5, 2023
Closed
@rak-phillip rak-phillip mentioned this issue Oct 5, 2023
Merged
@gaktive gaktive added platform/windows priority/1 Work should be fixed for next release labels Oct 10, 2023
@mook-as mook-as mentioned this issue Nov 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mook-as mook-as

Labels
kind/quality quality improvements, refactoring, Automation via CI, E2E, Integration, CLI or REST API platform/windows priority/1 Work should be fixed for next release
Projects
None yet
Milestone
1.12
Development

Successfully merging a pull request may close this issue.

WSL: Import CAs from the system mook-as/rd
3 participants
@rak-phillip @mook-as @gaktive