Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Ability to disable waypoint exec to mitigate security risk. #1720

Closed
dzrtc opened this issue Jun 27, 2021 · 1 comment · Fixed by #1973
Closed

Ability to disable waypoint exec to mitigate security risk. #1720

dzrtc opened this issue Jun 27, 2021 · 1 comment · Fixed by #1973
Assignees
@mitchellh
Labels
core enhancement New feature or request
Milestone
0.5.x

Comments

@dzrtc
Copy link

dzrtc commented Jun 27, 2021

Is your feature request related to a problem? Please describe.
The existence of waypoint exec creates a security vulnerability in my environment, but the other capabilities of the entrypoint are nice.

Describe the solution you'd like
I'd like to be able to disable support for waypoint exec without disabling the Waypoint entrypoint entirely.

Describe alternatives you've considered
Disabling the Waypoint entrypoint is the only alternative, but it seems like overkill considering that waypoint logs is pretty useful. On the other hand, there are plenty of service mesh sidecar proxy solutions that might, overall, be a better fit for monitoring instances.

Explain any additional use-cases

Additional context
@dzrtc dzrtc added the new label Jun 27, 2021
@mitchellh
Copy link
Contributor

Agreed, this is something we’ve wanted to do.

@krantzinator krantzinator added this to the 0.5.x milestone Jun 30, 2021
@krantzinator krantzinator added core enhancement New feature or request and removed new labels Jun 30, 2021
@mitchellh mitchellh self-assigned this Aug 2, 2021
@mitchellh mitchellh mentioned this issue Aug 2, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mitchellh mitchellh

Labels
core enhancement New feature or request
Projects
None yet
Milestone
0.5.x
Development

Successfully merging a pull request may close this issue.

Allow disabling exec only for the entrypoint hashicorp/waypoint
3 participants
@mitchellh @krantzinator @dzrtc