Comment by shakna
20 hours ago
chroot is not a security sandbox. It is not a jail.
Escaping it is something that does not take too much effort. If you have ptrace, you can escape without privileges.
20 hours ago
chroot is not a security sandbox. It is not a jail.
Escaping it is something that does not take too much effort. If you have ptrace, you can escape without privileges.
claude is stupid but not malicious; chroot is sufficient
Sure, it's not malicious. But it is very eager to get things done, and surprisingly inventive and knowledgeable in all kinds of workarounds.
I've many times seen Claude try to execute a command that it's not supposed to, the harness prevents it, and then it writes and executes a python script to do it.
breaking a chroot takes more than that..
2 replies →
Malice is not required. If it thinks it is in the right, then it will do whatever it takes to get around limitations.
Until it gets prompt injected. Are you reading every single file your agent reads as part of the tasks you give it, including content fetched from the web or third-party packages?
Claude is far from stupid from my experience. I've used so many models and Claude is king.