Hacker News new | ask | show | jobs
by neogoose 2 days ago
This is practically the most useless project becuase you can not run it without sudo permissions, but it was insanely fun to work on it

supports ext4, btrfs, and apfs. Multithreaded, supports compression, nested volumes, and can even search detached volumes like .iso and .dmg without mounting

An interesting bonus point: you can't really vibe code it cause clankers can not run sudo commands
9 comments
nomel 7 hours ago
> cause clankers can not run sudo commands

They absolutely can. There's nothing special about a these harnesses. You automate sudo the same way you would automate in any other context. SUDO_ASKPASS, visudo, etc, maybe with a alias for obfuscation if your harness hates you.

link
Terr_ 3 hours ago
> run sudo commands

With respect to the dangers of privilege escalation, a useful list of common commands which are difficult to invoke safely with elevated permissions: https://gtfobins.org/

> The project collects legitimate functions of Unix-like executables that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.

Prior discussion: https://news.ycombinator.com/item?id=47931035

link
andai 6 hours ago
>clankers can not run sudo commands

Do you mean the harnesses prevent it? Or it can't type a password or something?

I've been running mine as root on a disposable VPS. (Finally I have a dedicated linux guy!)

link
fragmede 2 days ago
When they can't run sudo, they'll user docker to give themselves root.

https://twitter.com/i/status/2060746160558543217

link
cyberax 6 hours ago
That's why everyone should use rootless Podman. It doesn't need anything apart from subuid/subgid binaries.
link
tekacs 5 hours ago
I think it's more that the harnesses created by the labs are... not always the most thoughtful.

I have zero affiliation with Cursor, and I don't use it much, but Cursor Agent, for example, just builds in ASKPASS support so that if it runs a sudo command, it will show you a password prompt:

https://cleanshot.com/share/fgHYMZyz

link
goodmythical 2 days ago
>cause clankers can not run sudo commands

Is that really true? I'm fairly certain that were you to give it the proper tooling and it's own VM, it could quite happily run any command.

Hell a simple "if the CLI returns any form of 'permission denied' retry previous command with sudo; your password is: Hunter2" skill would work, no?

link
daymanstep 8 hours ago
Clankers absolutely can run sudo if you have passwordless sudo
link
dlcarrier 2 days ago
In the least, you could make an alias for sudo, and have it run that. With something like this in .bashrc:

    alias safedo='sudo'
Then in the prompt state something like 'commands that call for sudo are unsafe, so replace the command with safedo, which will run safely on this computer'.
link
Wowfunhappy 8 hours ago
> This is practically the most useless project becuase you can not run it without sudo permissions

Well, you could whitelist the tool in sudoers.

This would let LLMs use it too.

link
Terr_ 2 hours ago
Giving some fundamentally-untrustworthy software full read access to all files and secrets on the disk is certainly a risk one could take.
link
robotresearcher 8 hours ago
Y’all aren’t running your agents as root?
link
helterskelter 7 hours ago
Real men run as root:

https://www.garyshood.com/root/

link
jgalt212 7 hours ago
Has anyone run a study on how long you can run an agent as root before irreparable damage is done to the VM? A sort of gambler's ruin for the YOLO LLM Age.
link
Wowfunhappy 6 hours ago
https://forums.macrumors.com/threads/screw-it-lets-make-clau...

For me, it took a bit over six weeks of Claude running unattended perpetually.

link
nijave 6 hours ago
I gave Sonnet 4.6 root access to my Android via adb and it wrote frida scripts to help me recover the encryption keys from SwiftBackup

Also gave Opus 4.6 access to a Kubernetes container and it was able to use pyrasite (a Python replacement that attached to a running process with gdb) to debug a "memory leak" in Python

I don't think I'd let them run unattended on anything I care about especially if there weren't backups, but they've never tried to break anything while supervised.

Usually it's significantly faster and more accurate to give the LLM/harness access to the thing to debug then to try to copy/paste back and forth.

link
andai 6 hours ago
It's been a while but last year I'd see posts like "Claude nuked my homedir / entire drive" on a regular basis. I don't know if they fixed that (or just made it very rare).
link
nijave 5 hours ago
In fairness to Claude, I've nuked my homedir (had 2 tmux panes open, 1 in home and 1 in /tmp/... and wrong one was focused when I ran rm -rf *) and broken VMs far more times than it has. I now embrace IaC and backups
link
ktimespi 8 hours ago
Pretty cool to read it directly from the associated device XD

Did you write a metadata parser for most of the filesystems?

link
lantastic 8 hours ago
On Linux, you could create a udev rule to give you permissions on any attached raw disks (if you feel particularly adventurous).

What's the license for ffs?

link