Seccomp security sandbox for tree-sitter

[FedericoCeratto]

Hello and thank you for developing the wonderful helix.

In my understanding the editor is currently fetching, building and then running tree-sitter grammars without security sandbox and without explicit user consent. This can introduce vulnerabilities and a vector for supply chain attacks.

The three operations could be sandboxed by spawning a dedicated process and using system call filters.
On Linux, seccomp can provide very strong sandboxing with minimal overhead.
(I'd be happy to provide some pointers if needed)

Thanks!

[archseer]

Fetching and building happens by user consent: it's a separate CLI command and package managers have these grammars precompiled. The editor doesn't interactively build anything on its own.

seccomp is linux specific, and I'm not sure how we'd sandbox just the grammar since it's a dynamic library loaded at runtime. A better fix would be running these grammars via webassembly but that's not fully supported upstream yet.

[FedericoCeratto]

Thanks for the clarification!
seccomp (and landlock) are indeed Linux specific but there are sandboxing systems for other OSes. Sandboxing requires running the security-critical code sections in a dedicated process that is given very limited access to the rest of the system.

[pascalkuthe]

Tree sitter requires shared memory and is closely intertwined with the rest of the editor running it in a separate process is not practical