by TZubiri 11 hours ago

Sounds overkill, how about giving the agent its own user?
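
One way to carry out the "own user" suggestion above, as an added example that is not from this thread or from any agent vendor: a small POSIX shell script that creates a dedicated unprivileged account for the agent, closes the developer's home directory to it, and verifies the permission bits before running anything. The account name `codex-agent`, the `DEV_HOME` variable and GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Runs the coding agent under its own
# unprivileged user so it cannot read or modify the developer's files.
# Assumed: GNU coreutils stat, sudo available, AGENT_USER/DEV_HOME as below.

AGENT_USER="${AGENT_USER:-codex-agent}"   # assumed account name
DEV_HOME="${DEV_HOME:-$HOME}"             # the directory to protect

# home_is_private DIR: succeeds only if DIR grants no group/other bits,
# i.e. the agent user (a different account) gets nothing from it.
home_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    mode=$(printf '%03d' "$mode")        # pad e.g. "0" -> "000"
    go=$(printf '%s' "$mode" | tail -c 2)  # last two digits: group, other
    [ "$go" = "00" ]
}

# setup_agent_user: create the account once, with its own home and no
# sudo membership; nothing here grants it access to DEV_HOME.
setup_agent_user() {
    id "$AGENT_USER" >/dev/null 2>&1 && return 0
    useradd --create-home --shell /bin/bash "$AGENT_USER"
}

# run_as_agent CMD...: run CMD with the agent's identity and home (-H),
# so package installs and scratch files land in its home, not the dev's.
run_as_agent() {
    sudo -u "$AGENT_USER" -H -- "$@"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run setup as root" >&2; exit 1; }
    setup_agent_user
    chmod 700 "$DEV_HOME"                  # close the dev home to others
    home_is_private "$DEV_HOME" || { echo "dev home still exposed" >&2; exit 1; }
    run_as_agent id                        # sanity check: prints agent uid
}

# Only perform the privileged setup when explicitly asked.
if [ "${1:-}" = "setup" ]; then
    main
fi
```

Invoke as `sudo ./agent-user.sh setup` once, then start the agent with `run_as_agent <agent command>`; `home_is_private` can be re-run at any time to confirm the developer's home has not been reopened.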

bob1029 10 hours ago

It's really not overkill if you have good tools to work with. Hyper-V is quite capable of providing ephemeral workspaces on timescales measured in minutes. Especially with nested virtualization. One big machine with fast local disks can provide very short cold start times for a golden image stored on the same.

cozzyd 10 hours ago

That's what I do, in part because I wanted it to use the same system libraries etc. installed on my laptop, but I worry it will try to use privesc exploits...

TZubiri 3 hours ago

Highly unlikely the LLM will try to do privesc exploits. LPE risk still exists and should be assumed, though; the more likely risk model is the LLM installing an infected left-pad package, or (on servers) installing a dependency with an RCE vuln, or creating a new RCE vuln from scratch.

If we are talking about running the agent on a dev machine, though, Codex doesn't seem to introduce a lot of risk, considering that I can already add OS protection layers, and that the devs added their own protection layers, and that I can direct the model towards my preferences (like not installing dependencies through npm or pip).