Conversation
jarkko

Jarkko Sakkinen

full pass :-)
1
0
1
tris@chaos.social

Tris

Reply to @jarkko

@jarkko What is it? Something like https://github.com/multikernel/sandlock ?

1
0
0
jarkko

Jarkko Sakkinen

Reply to @tris@chaos.social
@tris i don't know. i don't use landlock because of landlock but because it fits to the goals, which are readable from landstrip's man page. it also use seccomp.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
@tris so i don't really spend my time looking at tools. i have an idea and then i try see what fits to implement that idea
1
0
1
jarkko

Jarkko Sakkinen

Reply to @jarkko
@tris for this project and many other i actually just browsed https://elixir.bootlin.com/linux/v7.0.12/source to look for what would fit and then browsed what landlock does and this how things connect.
1
0
1
tris@chaos.social

Tris

Reply to @jarkko

@jarkko That's a really neat approach. I usually spend some time looking for existing tools solutions before building something myself because I'd rather avoid creating unnecessary tech debt. In this case, your approach makes a lot of sense. Since the kernel is ultimately the source of truth, it's unlikely that an external abstraction or wrapper would provide a better solution. I think it's a pragmatic way to handle a problem like this

1
0
1
jarkko

Jarkko Sakkinen

Reply to @tris@chaos.social
@tris In the case of blocking agents tackling that outside of paths is the context here. All the bad stuff is always related to paths in security. Landlock does not work in that space so it can brickwall where agen process can move. Thus, it just ended up being the right block.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
@tris It addresses whole vector of race condition, which always exist for example in container creation. That small time window is unforgivable in the case of LLM.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
Edited yesterday
@tris not because it is "smart" but because aget can brutforce the whole catalog exploit techniques in fast iterations. caging it into a space of file system objects puts it into a closure where it cannot escape easily.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
@tris So if you want to tackle such security problem it's not piling chainsaw, hammer and screwdriver into a hill and put fingers crossed because there's a lot of tools in good use. it's about using right tools right because the adversary in this case is most diffcult to tackle so far.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
@tris Paths are major gain for LLM with tool commands. So making that unuseful attack vector makes them quite paralyzed and stupid entities that do weird things. It has no tracks and it cannot move because it's just a stupid file.
0
0
0
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: