Comment by oskarkk
1 month ago
If you're not sure if there are any important world-writable files, then just check that? On Linux you can do something like "find . -perm /o=w". And you can easily make whole dirs inaccessible to other users (chmod o-x). It's only a problem if you're a developer who doesn't know how to check and set file permissions. Then I wouldn't advise running any commands given by an AI.
i'm imagining it's the same people who just chmod 777 everything so they don't have to deal with permissions.
yep thats me, I chmod that and make roots password blank, this way unauthorized access is impossible!
Careful, you’re talking to developers now. Chmod is for wizards, Harry. One wouldn’t dream of disturbing the Linux gods with my own chmod magic. /s
Yes, this is indeed the answer. Create a fake root. Create a user. Chmod and chgrp to restrict it to that fake root. ln /bin if you need to. Let it run wild in its own crib.
Though why bother if you can just put it into a namespace? Containers can be much simpler than what all this Docker and Kubernetes shit around suggests.
I agree. It’s just what the developer knows. Fine. Use whatever you know at your disposal to sandbox it. The ends justify the means.