top | item 45841398

(no title)

awayto | 3 months ago

Also if you're doing function calls you can just have the command as one response param, and arguments array as another response param. Then just black/white list commands you either don't want to run or which should require a human to say ok.

discuss

aidenn0|3 months ago

blacklist is going to be a bad idea since so many commands can be made to run other commands with their arguments.

awayto|3 months ago

Yeah I agree. Ultimately I would suggest not having any kind of function call which returns an arbitrary command.

Instead, think of it as if you were enabling capabilities for AppArmor, by making a function call definition for just 1 command. Then over time suss out what commands you need your agent do to and nothing more.