by trumbitta2 85 days ago
Re: So if there is no permission to `rm -rf /`, Claude will just get denied and move on.

Until it doesn't and it finds a way to work around the restriction. Lots of stories around about that.


I would be interested in which stories you are thinking of. Stories of Claude breaking out of the restrictions set in its sandbox or stories of people not configuring Claude's sandbox correctly?
> We told Claude Code to block npx using its own denylist. The agent found another way to run it and copied the binary to a new path using /proc/self/root to bypass the deny pattern. When Anthropic's sandbox caught that, the agent disabled the sandbox. No jailbreak, no special prompting. The agent just wanted to eagerly finish the task.

I wish that article went into more detail about that attack. But I believe it, given the extent to which the permissions are easy to get wrong in your Claude settings. For example: https://www.youtube.com/watch?v=3CSi8QAoN-s&lc=UgwFNAh5fvDGJ...