nottorp 11 days ago
... as root?

tintor 11 days ago
No root. `pip` and `npm install` don't require it. You cannot use `sudo apt install` inside it. They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/

bandrami 11 days ago
OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!) Golden years for cybersecurity people

zahlman 11 days ago
Given that it's within a container on a remote server, does that matter?

acedTrex 11 days ago
I mean I hope it's more hardened than JUST a container given how many container escapes there are.

jchw 11 days ago
Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.