Comment by Terr_
4 hours ago
> restic - Shell, Command, Upload
Well, now I feel a little vindicated tinkering so that my backup wouldn't run as root. Instead it runs as a regular user with read-all-files capabilities [0] and no login shell.
Of course, that's still probably overkill on my desktop, and any attacker that got that far would still be able to read basically every file on the computer and sneak backdoors into the backup...
[0] https://man7.org/linux/man-pages/man7/capabilities.7.html
It does seem like an LLM’s ability to see a constraint and just say “I’ll write a quick helper to work around it” kinda wrecks some older-world assumptions. We know how to deal with remote human attackers, remote bot attackers, and to some extent local human attackers, but local self-coding bot attackers lately needs more attention than it used to. It’s not even the same category as malware
I’ve been guilty myself of building containers where everything runs as root on the assumption that the container was the relevant domain
If LLMs are involved, I can’t tell whether OS level security is suddenly more relevant, or suddenly utterly obsolete