Live-share: vsls-agent wants to use your confidential information stored in com.microsoft.vs.liveshare
Product and Version [VS/VSCode]: Version 1.30.2 (1.30.2)
OS Version [macOS/Windows]: macOS 10.13.6
Live Share Extension Version: Unsure
Steps to Reproduce / Scenario:
I have been using vs-liveshare, but it's been about a week since I used it and I didn't do anything that I can tell - except perhaps focusing vscode - to prompt this message.
I'm guessing that this is due to a background update or something, but I've been on the mac platform for a few years and can't remember the last time I received a message like this:
Can Microsoft do collaboration with Apple to verify the authenticity of vsls-agent? Can this message be prompted by a decision in vscode rather than appearing randomly?
Ultimately I tried to accept this, but I couldn't figure out the login - apparently my admin password didn't work. Eventually I got redirected to https://insiders.liveshare.vsengsaas.visualstudio.com/auth/login?extensionId=8d8dbe07-5267-4e71-9519-87603a4ef116 and saw "ready to collaborate".
Screenshots
jcrben
All 23 comments
Additional info:
macOS: 10.14.3
Starts happening in vsls 0.3.1134, doesn't have this issue in the version before (0.3.1121).
The only way for the popup to stop appearing in 0.3.1134 is to click "Deny". The "Always Allow" button doesn't stop the prompt from immediately popping up
TrashPandacoot
on 24 Jan 2019
Hey @jcrben, thanks for reporting this issue. We need your logs in order to investigate this problem. Can you upload them here? You can get your logs by running "Live Share: Export Logs" in the command palette in VS Code.
For other people affected by this issue, you can also upload your logs here. Thanks!
Moniarchy
on 25 Jan 2019
cc @avanderhoorn
IlyaBiryukov
on 25 Jan 2019
Can I mail the logs somewhere? There's a lot of them and I don't know if they might contain private personal or work information, so I'd rather not drop them into a public location.
jcrben
on 25 Jan 2019
Yep! You can email the logs to us at [email protected].
Moniarchy
on 25 Jan 2019
Logs do contain private information, I wouldn't recommend anyone uploading their logs here @Moniarchy
raldred
on 25 Jan 2019
@raldred if you can file a Git Hub issue on which log entries contain private information (do not include the private information itself, just the surrounding text so we can locate and fix it), it would be much appreciated.
IlyaBiryukov
on 25 Jan 2019
Internally we see this issue when people are running _unsigned_ development builds of Live Share. Maybe the latest release (0.3.1134) was not signed or not properly signed?
jasongin
on 26 Jan 2019
I confirmed the vsls-agent Mac binary in the 0.3.1134 release is unsigned. This a problem with our build/release process, that we will be sure to fix for the next release, which will be in a few days. Then those keychain prompts should go away.
Until then if this is bothering you, you can use the "Install another version" command in the VS Code extensions list to go back to the previous Live Share release for a little while.
jasongin
on 26 Jan 2019
Is everyone still hitting this? We shipped an update on Friday, and it would be great to know if that addressed it or not. Thanks!
lostintangent
on 27 Jan 2019
@lostintangent I just started getting it this morning. (Sunday) for the first time with 0.3.1136 and vscode 1.30.2
jalevin
on 27 Jan 2019
I'm getting this on 0.3.1136 as well
mguida22
on 28 Jan 2019
+1
takahser
on 28 Jan 2019
+1
larusjr
on 28 Jan 2019
I've got the same issue from yesterday
mohseninasab
on 28 Jan 2019
+1
ciberger
on 28 Jan 2019
I have this issue as well.
sarahflynn
on 28 Jan 2019
+1
EdgardoRodriguezSolano
on 28 Jan 2019
+1
jakewies
on 28 Jan 2019
Unsubscribing since people keep commenting +1 unnecessarily - please email me at [email protected] if you need to follow-up (I emailed my logs).
Not sure why people feel compelled to comment +1 when they could react...
jcrben
on 28 Jan 2019
Hi
We just released 0.3.1151 Live Share VSCode extension with vsls-agent properly signed.
If you were prompted in previous versions (0.3.1134, 0.3.1136) that were affected by the bug, and clicked "Always Allow", you'll get a similar prompt with 0.3.1151 release once, because the identity of the vsls-agent is different for signed and non-signed bits. This prompt shouldn't complain about authenticity of vsls-agent not verified. Once you click "Always Allow", it should not prompt again.
If you upgrade to 0.3.1151 from 0.3.1121 or lower versions, or if you clicked "Deny" on that prompt, the prompt should not show up when you upgrade to 0.3.1151.
The prompt this bug is about may happen when vsls-agent fails to access the key chain for com.microsoft.vsliveshare* secrets on login key chain. There may be two reasons for the failure in this
issue: vsls-agent not properly signed or the identity of the app is different (signed vs not-signed).
If you cannot unlock the key chain, e.g. you don't remember the password for it, this may help:
https://support.apple.com/guide/keychain-access/if-you-need-to-update-your-keychain-password-kyca2429/mac
IlyaBiryukov
on 28 Jan 2019
Two more things.
The reason you're seeing multiple prompts even if you click "Always Allow" is that there are multiple secrets (up to 5), and OSX will ask about each one separately.
If you delete com.microsoft.vs.liveshare secrets from the keychain and start VSCode with Live Share, it'll think that you're not signed in, and will ask to sign in when you share or join. Then it'll write the secrets
back to the keychain.
IlyaBiryukov
on 29 Jan 2019
thank you for this fix - security warnings are always scary. It's good to see that users are on alert. Thank you @IlyaBiryukov for your work.
heisian
on 29 Jan 2019
Related issues
Chuxel
路
4Comments
Chuxel
路
3Comments
jleider
路
3Comments
hez2010
路
4Comments
Luchiwis
路
3Comments
Most helpful comment
Unsubscribing since people keep commenting +1 unnecessarily - please email me at [email protected] if you need to follow-up (I emailed my logs).
Not sure why people feel compelled to comment +1 when they could react...
