Is this a joke? I have a lot of respect for the authors of bash, but it is not up to this task.
Does anyone have recommendations for an agent sandbox that's written by someone who understands security? I can use docker, but it's too much of a faff gating access to individual files. I'm a bit surprised that Microsoft didn't do a decent one for vscode; for all their faults they do have security chops, but vscode just seems to want you to give it full access to a project.
Bash was designed decades before the current security environment, and contains many insecure-by-default mechanisms, many of which operate without you explicitly invoking them. Just for starters, in a normal language it's hard enough to operate on untrusted data, but at least you know that nothing bad is going to happen just passing $UNTRUSTED from one function to the next. In bash, because it's based on string substitution you have to enclose that variable in quotes: "$UNTRUSTED" or its contents will start being interpreted.
In short, writing security-critical code in bash,without some obvious constraint forcing this, is a sign of inexperience or not actually caring about it.
"bash based safety layer"
Is this a joke? I have a lot of respect for the authors of bash, but it is not up to this task.
Does anyone have recommendations for an agent sandbox that's written by someone who understands security? I can use docker, but it's too much of a faff gating access to individual files. I'm a bit surprised that Microsoft didn't do a decent one for vscode; for all their faults they do have security chops, but vscode just seems to want you to give it full access to a project.
> but it is not up to this task.
Could you elaborate?
Ahh forgot about this comment, sorry.
Bash was designed decades before the current security environment, and contains many insecure-by-default mechanisms, many of which operate without you explicitly invoking them. Just for starters, in a normal language it's hard enough to operate on untrusted data, but at least you know that nothing bad is going to happen just passing $UNTRUSTED from one function to the next. In bash, because it's based on string substitution you have to enclose that variable in quotes: "$UNTRUSTED" or its contents will start being interpreted.
In short, writing security-critical code in bash,without some obvious constraint forcing this, is a sign of inexperience or not actually caring about it.
1 reply →