chrysoprace 2 hours ago

To be fair, read-only commands can still read sensitive files and keys, and exfiltrate them via prompt injection.

raw_anon_1111 26 minutes ago | parent | next [-]

Not if you don’t have keys on your computer.

In my case, all of my keys are in AWS Secrets Manager. The temporary AWS access keys that are in environment variables in the Claude terminal session are linked to a role without access to Secrets Manager. My other terminal session has temporary keys to a dev account that has Admin access.

The AWS CLI and SDK automatically know to look in those environment variables for credentials.

hamburglar 2 hours ago | parent | prev [-]

And “find” can easily execute arbitrary subcommands, which may not be read-only.

angry_octet 2 hours ago | parent [-]

We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest.

I've seen this before with sudoers programs including powerful tools. Saw one today with make, just gobsmacked.
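As an added illustration of the "find that can't -exec" idea (this is not code from any commenter in the thread), here is a small POSIX shell wrapper that refuses to run find(1) when the argument list contains an action that executes a program or writes to the filesystem. The blocklist is an assumption of mine, covering the GNU/BSD find actions -exec, -execdir, -ok, -okdir, -delete, -fprint, -fprint0, -fprintf and -fls; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: allow find(1) only with read-only predicates/actions.
# Assumption: GNU or BSD find; the list below names the actions that run
# a program (-exec, -execdir, -ok, -okdir) or write to disk (-delete,
# -fprint, -fprint0, -fprintf, -fls). Anything else is passed through.

# find_args_are_readonly ARGS...
# Returns 0 when no argument is a writing/executing action, else prints
# the offending argument to stderr and returns 1.
find_args_are_readonly() {
    for arg in "$@"; do
        case "$arg" in
            -exec|-execdir|-ok|-okdir|-delete|-fprint|-fprint0|-fprintf|-fls)
                printf 'refused: %s is not a read-only find action\n' "$arg" >&2
                return 1
                ;;
        esac
    done
    return 0
}

# safe_find ARGS...
# Runs find with the given arguments only if the check above passes.
safe_find() {
    find_args_are_readonly "$@" || return 1
    find "$@"
}
```

Invoke it as `safe_find /var/log -name '*.log' -mtime -1 -print`; the same call with `-exec rm {} \;` appended is rejected before find ever starts. The check is deliberately conservative: a pattern value that happens to equal a blocked word (for example `-name -exec`) is also refused, which is the safe failure mode for a wrapper whose purpose is to guarantee read-only behaviour. It is not a substitute for an OS-level control such as SELinux, since it only governs arguments handed to this wrapper.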

cyberge99 34 minutes ago | parent [-]

That exists as SELinux.