| VBprogrammer 4 days ago | A container root exploit isn't a critical security vulnerability either; describing it as moderate seems fair, but it's a reasonable step towards one. |
| worik 3 days ago | That is exactly what it is. Proper security in depth means that when trusted actors betray the system, the damage is limited. |
| ajross 3 days ago | Not really the right metaphor. A $5 wrench isn't a "vulnerability" because it's $5! Tools that are accessible to everyone are part of the threat model, not something you can eliminate or avoid. This trick is novel and new. Like, consider your personal cult was built around an "unopenable" bolt-tightened box. Then someone invents the wrench in an attempt to open it. That would be a clear "security vulnerability", right? |
| thfuran 3 days ago | Not a serious one if all the wrench actually gets you is access to the room that contains the box that no known tool can open, which is a closer analogy to what happened. |
| ajross 3 days ago | Again, though, you're taking "all that gets you" as a prior when (abandoning the metaphor) container and VM escapes are routine vulnerabilities. They just weren't the subject of this particular team who wanted to hack on AI. You don't do security analysis by presuming the absence of vulnerabilities! Modern security is defense in depth. The AI pre-prompting setup was the first layer, and it was escaped. The UID separation inside the container was another, and it was broken. The container would have been next. And hopefully there are network firewalls and egress rules on top of that, etc... And all of those can and have failed in the past. |
| tptacek 3 days ago | Sure, I guess, but a lot more is broken than Copilot if you assume arbitrary container escape. (I do!) |
| pbhjpbhj 3 days ago | And an exploit that breaks out of the sandbox is not really anything if it needs root to work... so if a hacker had those two, MS wouldn't care about them selling those bugs because both of them are not serious. See, perfect security and it didn't cost them anything. |
|
|
|