← Back to context Comment by nottorp 1 month ago ... as root? 5 comments nottorp Reply tintor 1 month ago No root. `pip` and `npm install` don't require it.You can not use `sudo apt install` inside it.They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/ bandrami 1 month ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people zahlman 1 month ago Given that it's within a container on a remote server, does that matter? acedTrex 1 month ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 1 month ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
tintor 1 month ago No root. `pip` and `npm install` don't require it.You can not use `sudo apt install` inside it.They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/ bandrami 1 month ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people
bandrami 1 month ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people
zahlman 1 month ago Given that it's within a container on a remote server, does that matter? acedTrex 1 month ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 1 month ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
acedTrex 1 month ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 1 month ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
jchw 1 month ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
No root. `pip` and `npm install` don't require it.
You can not use `sudo apt install` inside it.
They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/
OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)
Golden years for cybersecurity people
Given that it's within a container on a remote server, does that matter?
I mean i hope its more hardened than JUST a container given how many container escapes there are.
Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.