Comment by chrysoprace
16 days ago
To be fair, read-only commands can still read sensitive files and keys, and exfiltrate them via prompt injection.
Not if you don’t have keys on your computer.
In my case, all of my keys are in AWS Secrets Manager. The temporary AWS access keys that are in environment variables in the Claude terminal session are linked to a role without access to Secrets Manager. My other terminal session has temporary keys to a dev account that has Admin access.
The AWS CLI and SDK automatically know to look in those environment variables for credentials.
And “find” can easily execute arbitrary subcommands, which may not be readonly.
We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest.
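As an added example (not from the thread), one way to realise the "find that can't -exec" idea above: a POSIX sh wrapper, here called safe_find (an assumed name), that refuses any find action primary which executes a program or writes to the filesystem before handing the arguments to the real find. The option list is the assumed set of mutating or executing primaries for GNU and BSD find.

```shell
#!/bin/sh
# safe_find: assumed wrapper name, not a tool from the thread.
# A read-only "find" that cannot launch programs or modify files.

# Returns 0 if the argument list contains no primary that executes a
# program or mutates the filesystem, 1 otherwise. Assumed deny list:
# -exec/-execdir/-ok/-okdir run commands, -delete removes files,
# -fprint/-fprint0/-fprintf/-fls write output to arbitrary paths.
safe_find_check() {
    for arg in "$@"; do
        case "$arg" in
            -exec|-execdir|-ok|-okdir|-delete|-fprint|-fprint0|-fprintf|-fls)
                printf 'safe_find: refusing action primary %s\n' "$arg" >&2
                return 1
                ;;
        esac
    done
    return 0
}

# Runs the real find only when every argument passes the check.
# A pattern value that merely looks like a primary (e.g. -name -exec) is
# also refused; that is a false positive on the safe side.
safe_find() {
    safe_find_check "$@" || return 1
    find "$@"
}
```

Such a wrapper only narrows what one utility can do; it does not stop the agent from calling find directly, so it belongs inside a sandbox or mandatory access control policy rather than in place of one.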
I've seen this before with sudoers programs including powerful tools. Saw one today with make, just gobsmacked.
That exists as SELinux.