Hacker News

PaulHoule, today at 12:10 PM, 3 replies

To be devil's advocate: if you are just running commands with bash or PowerShell or the like, there is no protection. You might have some rules that ban

rm -rf ~

but sandboxing in general is not an easy problem.


Replies

andoando, today at 7:52 PM

You'd just whitelist the list of CLI calls equivalent to what your MCP offers.
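The two approaches in the comments above, a rule that bans "rm -rf ~" and an allowlist of CLI calls, side by side in a small wrapper. This is an added example, not code from anyone in the thread; the allowed programs and git subcommands form a hypothetical policy, and the denylist rule is deliberately the naive one-string kind the first comment describes.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Two ways to filter what an agent may
# run: a string denylist and an argv allowlist. Policy below is hypothetical.

# Denylist: refuse exactly the command line "rm -rf ~", as a naive rule would.
# Any spelling the rule author did not think of ("$HOME", "~/", find -delete)
# sails through, which is the first commenter's point.
denylist_allows() {
  local cmdline="$*"   # argv joined by spaces, as a string rule sees it
  case "$cmdline" in
    "rm -rf ~") return 1 ;;
  esac
  return 0
}

# Allowlist: only named programs, and for programs with subcommands only
# named subcommands. Nothing is matched as a string; the argv is inspected
# element by element, so quoting tricks do not change what is checked.
allowlist_allows() {
  local prog="$1" sub="$2"
  case "$prog" in
    git)
      # Global options before the subcommand are refused outright:
      # e.g. "git -c core.pager=<cmd> log" would make git run <cmd>.
      case "$sub" in -*) return 1 ;; esac
      case "$sub" in
        status|diff|log) return 0 ;;
      esac
      return 1 ;;
    ls|cat|head)
      return 0 ;;   # read-only helpers (hypothetical policy)
  esac
  return 1           # everything else, including bash/sh/rm/find, is refused
}

# Run an argv only if the allowlist accepts it. The argv is executed directly,
# never re-parsed through "bash -c", so "$(...)" and ";" stay literal bytes.
run_allowed() {
  if ! allowlist_allows "$@"; then
    printf 'refused: %s\n' "$*" >&2
    return 126
  fi
  "$@"
}
```

Even the allowlist is a filter, not a sandbox: an accepted subcommand still has options that write files or run programs (git's pager and hooks, for instance), and any accepted tool runs with the full rights of the invoking user. That is why the next comment's separate user account is the boundary that actually holds: the allowlist decides what is attempted, the account decides what can be damaged.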

skydhash, today at 3:07 PM

It is. The issue is all the weird constraints that usually come up with it. Like I want to use my favorite code editor, I want easy copy and paste, or I can't be bothered to set up a separate user account on my computer.

On Unix, you can easily create a new user account, switch to it (or ssh or set up VNC), and run the tool there. If users are enough for servers on the internet, they can be for your workstation (unless there's something like copyfail, but you can make do with a VM then).
