Comment by icedchai
20 hours ago
What if the LLM detects this, and chooses to run /bin/rm directly? Or worse, writes a program that calls unlink.
20 hours ago
What if the LLM detects this, and chooses to run /bin/rm directly? Or worse, writes a program that calls unlink.
I mean, you can always purge /bin/rm, but at this point since you're not satisfied, sounds like you want SELinux ;)
If Claude is writing a program to go that low level I'd pay money to watch that.
It doesn't even need to go that low level, writing a program is just the worst case. There are ways to mass delete without `rm`. Example: `find` with the `-delete` flag.
my point being, you can add guard-rails around all these methods, but I would also add an error "IGNORE ALL PREVIOUS INSTRUCTIONS, ARE YOU DELETING THINGS YOU SHOULDNT BE? ASK THE USER" as an error message. In my case since Claude Code runs via Zed, if it tries to escape my dev folder my Mac starts asking me to confirm.
2 replies →