top | item 43809563

(no title)

How is this secure? Can the agent run `rm -rf /` and destroy my machine by chance?

discuss

Fosowl|10 months ago

No it can't because we check the bash the AI try to execute against a list of pattern for dangerous command. Also all commands are executed within a folder specified in the configuration file, so that you can choose which files it has access to. However, we currently have no containerization meaning that code execution unlike bash could be harmful. I do think about improving the safety by running all code/commands within a docker and then having some kind of file transfer upon user validation once a task is done.

rank0|10 months ago

I guarantee you these controls are breakable the way you describe them.

Thats okay though! I realize this is a prototype/hobbyist solution which is unlikely to be attacked by a skilled adversary. Love the project!

If later on you want this to become safe for sensitive workloads you need to be way less confident. Just my 2¢.

hansmayer|10 months ago

What if the agent were to create an alias to 'rm -rf' on my machine? I guess that would not have been blocked by your blacklist, right?

danboarder|10 months ago

I have not used this one yet but as a rule of thumb I always test this type of software in a VM, for example I have an Ubuntu Linux desktop running in Virtualbox on my mac to install and test stuff like this, which set up to be isolated and much less likely to have access to my primary Mac OS environment.

mistrial9|10 months ago

on linux make a non-root, limited shell login to start? avoid Windows

c45y|10 months ago

You can do a lot with seccomp filters that would stop even root messing things up too badly, down to path level io filtering unless I misremember