Remix.run Logo
thesuitonym 6 hours ago

It's wild that we've known for decades to use ACLs to make sure people don't have access to files we don't want them to have access to, but somehow a computer pretending to be a person doesn't get that same treatment.

_verandaguy 6 hours ago | parent | next [-]

ACLs, nothing, we've known about in-band signalling since forever and still this whole segment of the industry seems to either not know about it, or forgets about it at a cadence so regular it may as well not know about it.

System-level ACLs; mandatory or discretionary access control; secure-by-default application and network configurations are all for naught if you take an LLM, run it with all the privileges you'd have an accountable, judgemental operator, and then tell it to act based on arbitrary untrusted input which might include prompt injection attacks, something which cannot generally be sanitized.

Well-defined, well-enforced security policies can mitigate disasters, but many in the wild right now just don't account for this kind of threat model.

hilariously 6 hours ago | parent [-]

It's just purposeful blindness - I worked for a company building out tooling that insisted markdown based security was good enough and showed it off for anyone at the company to attack because they were so sure.

It took me less than 5 minutes to completely disable... nobody cared, they just kept going - check the box and move on.

Sharlin 6 hours ago | parent [-]

Something something salary depending on it.

Software "engineering" in particular has always been more than 50% cargo culting. Good engineering practices never matter when the alternative is just going through the motions of whatever rituals are in vogue.

wnissen 6 hours ago | parent | prev | next [-]

We laugh, and rightly so, at the time sharing systems of the 70s and 80s that didn't use passwords. I bet allowing a whole other virtual person to run outside a VM, with access to an actual file system instead of a version-controlled branch, will be seen as a worst practice in ten years.

SvenL 6 hours ago | parent | prev | next [-]

I think ACL is only a part of the solution. If he runs the agent with his account, the ACL would not really help. But I do admit, I might have an outdated understanding of ACLs.

EPWN3D 5 hours ago | parent | prev | next [-]

Have you ever tried to configure ACLs? They're a pain in the ass. Not everyone wants to be a sysadmin.

the8472 4 hours ago | parent | next [-]

ACLs aren't even the issue here, first you need an entity separate from "the current user" to grant that access to. That's what jails, sandboxes or capability-based systems bring to the table. But you have to use them, most of those AI tools and their IDE integrations don't. Once you have those you can think about which access to grant that entity.

beepbooptheory 4 hours ago | parent | prev [-]

What do you find hard about it? Is it a conceptual thing or the tools themselves? I'm very far from a sysadmin, but it's just such a ground level using-linux type thing in my brain, I don't think I ever thought I had a choice about learning it!

SoftTalker 2 hours ago | parent [-]

Owner/Group/World rwx permissions are ground-level. I'm not sure I'd put ACLs, or SELinux, or AppArmor in the same sphere. Those start of at "arcane" and then get more complicated, at least that's my impression, and I've used linux for decades.

steve1977 6 hours ago | parent | prev [-]

A computer pretending to be you, in many cases.