logoalt Hacker News

algoriaslast Friday at 12:48 AM2 repliesview on HN

run them in a VM that doesn't have git installed. Sandboxing these things is a good idea anyways.

Replies

godelskilast Friday at 1:34 AM

  > Sandboxing these things is a good idea anyways.
Honestly, one thing I don't understand is why agents aren't organized with unique user or group permissions. Like if we're going to be lazy and not make a container for them then why the fuck are we not doing basic security things like permission handling.

Like we want to act like these programs are identical to a person on a system but at the same time we're not treating them like we would another person on the system? Give me a fucking claude user and/or group. If I want to remove `git` or `rm` from that user, great! Also makes giving directory access a lot easier. Don't have to just trust that the program isn't going to go fuck with some other directory

show 1 reply
zmmmmmlast Friday at 1:25 AM

but then they can't open your browser to administer your account.

What kind of agentic developer are you?