logoalt Hacker News

ashishbtoday at 6:02 AM0 repliesview on HN

> But in this particular case isn't the problem that it's sending everything in the sandbox?

If a CLI is touching certain files, they are likely to be leaked one way or the other.

Why not reduce the attack surface?

When does someone visit your house? Do they get unfettered access to your bedroom & safe as well?