HackerTrans
TopNewTrendsCommentsPastAskShowJobs

anoek

no profile record

Submissions

Hacker plants computer 'wiping' commands in Amazon's AI coding agent

404media.co
7 points·by anoek·12 mesi fa·2 comments

Sandboxing AI Agents

noek.net
4 points·by anoek·anno scorso·0 comments

Sandbox: Linux tool to create lightweight COW sandboxes to run stuff in

github.com
5 points·by anoek·anno scorso·3 comments

comments

anoek
·11 mesi fa·discuss
I wrote https://github.com/anoek/sandbox for that exact purpose, it uses overlayfs to protect your system from LLMs making unwanted changes and optionally masks out places you don't want it to be able to read from.
anoek
·12 mesi fa·discuss
This kind of thing is exactly why I built https://github.com/anoek/sandbox . Even non malicious agents do things they shouldn't do, I've caught them removing home directory configs and installing system packages, but it doesn't matter to me anymore because they are free to do those things to see if it solves their problem, but it doesn't affect the host machine layer.
anoek
·anno scorso·discuss
> I wonder if this could also be used on immutable distros as a way to make temporary or even semi-permanent changes

I've used it on my own machine to test upgrades and whatnot, typically it just works, so it might very well be useful for the use case you're thinking of.

> like installing a system-level app such as a VPN

At present there's a flag `--net` which when set to `--net=none` it creates a new networking namespace for the sandbox without doing any additional things to configure the network within the sandbox, so its a simple way to block traffic. I think creating a new namespace but then following it up with setting it up with whatever VPN stuff you wanted would work quite well to create a sandbox that strictly used a particular VPN configuration.

> if the overlay sits on top of the host and sees the host's files, why does it need to "sync" exactly

OverlayFS sometimes caches read results from the "lower" file system, so often it'll just work as you expect, but sometimes reads will be stale. The sync action just flushes all changes to disk and clears the read cache to work around that problem. You definitely don't need to run a sync if you've just rebooted. Additionally any changes made in the upper fs (the sandboxed view) will remain, sync is non destructive in nature.
anoek
·anno scorso·discuss
With the rise of things like AI agents wanting to run commands on my computer, I wanted a way to let them do that but in a safe environment. `sandbox` is a tool that utilizes built in Linux features like namespaces and OverlayFS to create essentially a container that looks and feels pretty much identical to my host machine, but any changes made are done in a staging area that I can later accept or reject changes from. There's also a crude network on/off toggle so if I'm running something I don't trust not to send data off to malicious actor, I can sandbox it without network access.

While my own use case primarily revolves around letting AI agents run amok in their own sandboxes, it's meant to be general purpose and I could see it being useful for some development tasks like testing file migrations or other file management tasks where you want to snapshot and discard frequently. Another use case I'll be using it for is to vet installing things from whatever trendy shell based installer that expects you to curl pipe a shell script into sudo bash, and in general running things I don't fully trust not to inadvertently mess something up on my computer.

This is the initial public release. I've been using it internally for a couple of months now and I think I have most of the serious issues squashed, but I'm sure there are some issues and many improvements to be made, feedback and bug reports are appreciated.