README.md
+18-5
@@ -4,7 +4,7 @@
4
4
5
5
A repo to help you run code in a safer manner in the web3 ecosystem. You open up your code in an isolated docker environment so you have a smaller chance of getting hacked.
6
6
7
-
*Important: This isn't a fail-safe!*
7
+
*Important: This isn't a fail-safe! There is no 100% secure way to run code you are unfamiliar with. But running code in an isolated environment is at least much better.*
8
8
9
9
You can read more about the importance of sandboxing, containers vs VMs, and more in the [Red Guild Blog](https://blog.theredguild.org/where-do-you-run-your-code/).
10
10
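Review bot: The expanded "Important" line says an isolated environment is "at least much better" but gives the reader no pointer to what remains exposed. This same commit adds a "Security considerations" section at the end of the README, so link to it from this line (for example "see Security considerations below") so the caveat at the top leads somewhere concrete. The wording "at least much better" also reads awkwardly; "still much safer" says the same thing more plainly.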
@@ -28,6 +28,7 @@ You can read more about the importance of sandboxing, containers vs VMs, and mor
28
28
-[Mounted](#mounted-1)
29
29
-[Using on an existing project](#using-on-an-existing-project-1)
@@ -121,9 +122,9 @@ You should get opened up into a new window that looks like this:
121
122
<br />
122
123
</p>
123
124
124
-
3. Clone your project into the `projects` folder
125
+
You should be at `/workspace` folder.
125
126
126
-
You should be at `/workspace`.
127
+
3.You can then clone a project into the `projects` folder and start working on it
127
128
128
129
```bash
129
130
git clone https://github.com/Cyfrin/foundry-fund-me-cu # Example project
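Review bot: The added line "You should be at `/workspace` folder." is missing its article and preposition and now sits before step 3 without saying where to check it. Suggest "You should be in the `/workspace` folder inside the dev container", since the whole point of this step is that the clone and the later `forge build` run in the container and not on the host. The rewritten step 3 could state the same thing explicitly ("from the dev container terminal, clone a project into the `projects` folder").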
@@ -132,11 +133,11 @@ forge build
132
133
forge test
133
134
```
134
135
135
-
This will clone the project into the `projects` folder and you can start working with your projects, knowing that scripts are isloated to this dev container!
136
+
Now, you can start working on the project knowing you're in a safer environment!
136
137
137
138
4. Tear down
138
139
139
-
When you're done, you can delete the docker container in your docker dashboard, or run `docker ps` to get the container ID and run `docker stop <container-id>` to stop the container.
140
+
When you're done, you can delete the docker container in your docker dashboard, or run `docker ps`*on your host machine, not inside your dev container*to get the container ID and run `docker stop <container-id>` to stop the container.
140
141
141
142
To do it via the CLI, back on your host machine run:
142
143
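Review bot: The tear-down sentence promises to "delete the docker container" but the CLI path it gives ends at `docker stop <container-id>`, which only stops it. A stopped container keeps its filesystem, including whatever the untrusted project wrote, until it is removed. If the commands that follow this hunk do not already do so, add `docker rm <container-id>` after the stop. Separately, the replacement for the old "scripts are isolated to this dev container" sentence drops the one phrase that explained why the environment is safer; consider keeping that clause in the new line.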
@@ -240,3 +241,15 @@ Resource Limits:
240
241
241
242
# Acknowledgements
242
243
-[The Red Guild](https://blog.theredguild.org/where-do-you-run-your-code/)
244
+
245
+
# Security considerations
246
+
247
+
Using a dev container is not a 100% secure way to run code you are unfamiliar with. It is a safer way to run code, but it is not foolproof. You may still want to be nervous about running code you're unfamiliar with! There are a number of exploits to be aware of, including:
248
+
249
+
- Network access: Unless you restrict network access in your docker container, it can still access the internet. This means it can still send data to a remote server.
250
+
- Resource constraints: Docker containers can still use up all your CPU and memory if you're not careful. You can also adjust your `Dockerfile` to account for these.
251
+
- Docker escape exploits: There can still be ways to escape a docker container and access your host machine. These are rare, but they do exist.
252
+
253
+
There are a few things to consider that we've more or less covered for you in this repo, but important to know:
254
+
- Never run a docker container with a `root` user, this is why we use the `vscode` user in the `Dockerfile`
255
+
- Volume mounting: If you mount a volume from your host machine, the container can access your host machine's files. Be careful what you mount! This is why the default here is `unmounted`
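Review bot: In the "Resource constraints" bullet, "You can also adjust your `Dockerfile` to account for these" points at the wrong file: a `Dockerfile` has no instruction for CPU or memory limits. Those are set when the container is started (for example `--memory` and `--cpus` on `docker run`, or `runArgs` in `devcontainer.json`), and the hunk context shows the README already has a "Resource Limits:" section this bullet could link to. The "Network access" bullet would likewise be more useful if it named how to restrict it (for example `--network none`). Two wording points in the same section: the list is introduced as "a number of exploits" but the first two items are risks, not exploits, and "Never run a docker container with a `root` user, this is why we use..." is a comma splice that should be split into two sentences.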