Codex just found a "workaround" of not having sudo on my PC

https://twitter.com/i/status/2060746160558543217

54•thunderbong•44m ago

Comments

alephnerd•30m ago

This is a classic attack path that was already captured by plenty of EDRs/XDRs/CWPPs a couple years ago.

dangus•27m ago

Right, why is their login user in the docker group? Mine sure isn’t.

unglaublich•24m ago

Convenience. Want to run `docker run ...` without password, want IDEs and agents to be able to run containers...

tempest_•12m ago

For most CRUD apps running in docker its enough to just tell the "agent" to use podman.

awoimbee•12m ago

Use podman then, or rootless docker if you can make it work

oytis•24m ago

Rather, why do people still run agents as their own user. IMO, agent sessions should at least be containerised with just necessary code mounted.

alephnerd•21m ago

Becuase a lot of devs don't know this stuff. There's a reason security engineers (as in SWEs who specialize in securing specific attack surfaces) remain in hot demand.

unglaublich•25m ago

This is why you need either a rootless container setup or user namespaces to remap the container user to irrelevant host users. https://docs.docker.com/engine/security/userns-remap/

Weak that this isn't the default.

jjmarr•23m ago

Every time I try to install Docker there's a warning that being in the "docker" group is equivalent to having root access.

You should probably know about this workaround by now.

Youden•15m ago

I think that's distro-specific. Some set it up with more secure defaults (unix socket with permissions), others less (TCP socket).

tmaly•22m ago

this is the new GTD

throwawaypath•20m ago

This has been a known Docker "feature" since the beginning, nothing new here. This pattern is used to configure host machines by some tools.

jmole•6m ago

clever girl...

nialse•5m ago

This was of course dependent on yolo mode, but automatic approval has also been pulling stunts like this. A recent example is data that was purposely kept away from Codex in a folder far far away. When it found a single reference it just went for the data when having an issue. Lesson learned, keep essential data and Codex separated on different machines. Codex remote ssh actually helps here.

dbacar•4m ago

This is one of the main reasons people like Podman. Docker has this "feature" but as far as I remember, it needed some obscure configuration. I guess they don't add it as default as it will break many current setups.

Operation Jailbreak uses lessons from Ukraine to help weapons talk to each other

The Redundancy of English (1951) [pdf]

UK's rudest chalk figure gets a glow-up to stop it fading in the rain

The UI problem of AI coding agents

Silenced Words

China's Robotics Dream Began in 1972

Show HN: Find YC startups relevant to you

Police in China Sure Love Smart Glasses

Building Rust Procedural Macros from the Grounds Up

'Backrooms' Stuns with $81M Debut

Show HN: Fluiq – detect prompt injection, PII, Crescendo attack 2 line of Python

Show HN: CakeML-based self-verifying, self-improving system

Most Products Don't Need That Much Engineering

Is that song AI-generated? UChicago scientists create tool to check

I Tried to Sell My House with a Chatbot

The Cost of More

Thiel's move signals billionaires seeking a 'plan B' abroad

Show HN: Sports Regime Lab – NBA regime analytics

AI Slop Is a Choice

Atomdrift is open-source malware detection for the software supply chain

The History of "Prisencolinensinainciusol"

There's Something Else We Should Be Worrying About

Steam Deck sells out in North America within 24 hours of price hike

Recto: Open-source internal-linking and orphan-page auditor (Cloudflare)

Government Relations (2020)

Netflix Wiz creates app to slash AI bills, then open sources it

The Authorization Paradox: Who Has the Keys to Your AI? [video]

San Francisco home accepts OpenAI, Anthropic stock as payment for $2.9M sale

Phrases that need to die before I do

Scaling Infrastructure as Code: 5 to 1k workspaces