Hacker News new | ask | show | jobs
by parliament32 86 days ago
Fascinating read. What's curious though, is the claim in section 2.3.0.1:

> Each task runs in its own sandbox. If an agent crashes, gets stuck, or damages its files, the failure is contained within that sandbox and does not interfere with other tasks on the same machine. ROCK also restricts each sandbox’s network access with per-sandbox policies, limiting the impact of misbehaving or compromised agents.

How could any of the above (probing resources, SSH tunnels, etc) be possible in a sandbox with network egress controls?
2 comments
robinsonb5 85 days ago
The agent obviously knows the Train Man.
link
jacquesm 86 days ago
Sandboxes are almost never perfect. There are always ways to smuggle data in or out, which is kind of logical: if they were perfect then there would be no result.
link
1718627440 85 days ago
> if they were perfect then there would be no result.

You shutdown the sandbox and access the data from the outside.

link