Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No management of write security #140

Open
Alecsou opened this issue Feb 4, 2025 · 1 comment
Open

No management of write security #140

Alecsou opened this issue Feb 4, 2025 · 1 comment

Comments

@Alecsou
Copy link

Alecsou commented Feb 4, 2025

In "normal" Lambda images, only the tmp file is available for file writing. The rest is read-execute-only.

https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#:~:text=The%20container%20image%20must%20be%20able%20to%20run%20on%20a%20read%2Donly%20file%20system.%20Your%20function%20code%20can%20access%20a%20writable%20/tmp%20directory%20with%20between%20512%20MB%20and%2010%2C240%20MB%2C%20in%201%2DMB%20increments%2C%20of%20storage.

Could it be possible to add this kind of security to the RIE?
@valerena
Copy link
Contributor

Hi @Alecsou . RIE only emulates the Lambda runtime API (and incoming request/response). In my opinion a limitation like that should be handled at the system level. And in the end, RIE gives the control to the execution to the corresponding underlying runtime, so RIE doesn't have much control of what happens at that level.

I'm open to discuss, if you have a different opinion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valerena @Alecsou