Remix.run Logo
k8sToGo 6 hours ago

it is not about "security" but it is more about confinement. And how could it do that without sudo rights?

arandomhuman 5 hours ago | parent [-]

Still, you are barely more protected than someone running this as non root at home. By your same logic you could “confine” the agent to any arbitrary directory on your filesystem and say it’s sufficient.

k8sToGo 5 hours ago | parent [-]

Yes, that is exactly the point I am making. The agent / cli is confined within the WSL2 environment. How is it "barley" protected? Neither you nor the other guy have yet answered this question.

I never claimed WSL2 is a security sandbox. I am saying running it in a container or WSL2 allows you to severly limit the blast radius. I am not expecting the agent to be malicious, but I am expecting it to do unexpected things.

arandomhuman 4 hours ago | parent [-]

That’s a fair approach, thanks for elaborating. I think the main point of contention is there is an expectation this software should be more reliable, that doesn’t take away from your approach, running close sourced software like a harness (or operating system) is asking for problems.