← Back to context

Comment by imoverclocked

20 hours ago

> LLM that I run inside Emacs can fully control the active Emacs instance ... > you can easily extract text from anything

This is what gives me the most pause.

13 comments

imoverclocked

Reply
iLemming  18 hours ago

Care to explain? Why is it? You think it's dangerous or some other reasons?

  • imoverclocked  13 hours ago

    It's definitely dangerous.

    Do you have credentials anywhere within reach of that session? Can you open your bank account in a browser ... within reach of that session? Are your contacts available within reach of that session? What about personal notes/emails/goals or other sensitive information? That people think these can't be added together in one very socially/monetarily destructive fell swoop is ... telling.

    Ignoring obvious bad-actor concerns from just giving root to your whole life to an LLM running on someone else's server, LLMs themselves can act in ways that are extremely counterproductive to their organization/host/etc.

    A quote/warning I learned in the late 90s is just as relevant today, "Computers make very fast, very accurate mistakes."

  • Blackthorn  18 hours ago

    Emacs has full system access with arbitrary execution so full emacs access -> full system access.

    • SoftTalker  11 hours ago

      What? You run emacs as root?

      Anything an LLM does on your computer should happen it its own account. No sudo config of course, or at most one that is strictly limited to what you want to allow it to do (risk here, as many programs have non-obvious paths to general command execution).

      It should have zero access to your private home directory or your system configs. You can have access to its files of course. That's the beauty of separate accounts and permissions.

    • arikrahman  17 hours ago

      The RCE vulnerabilities especially with community flavors of Emacs that come with access control out of the box.

    • iLemming  17 hours ago

      So? My terminal has the same full system access. If I didn't use Emacs, I'd be using Claude code in it. It's contained locally on my computer, I don't see any problem here. I use Emacs like my OS-layer. Why would I complain that my OS has access to something? It would be weird and annoying if it's the opposite.

      7 replies →