undefined | Better HN

0 pointstrumbitta28d ago0 comments

Re: So if there is no permission to `rm -rf /`, Claude will just get denied and move on.

Until it doesn't and it finds a way to work around the restriction. Lots of stories around about that.

0 comments

I would be interested in which stories you are thinking of. Stories of Claude breaking out of the restrictions set in its sandbox or stories of people not configuring Claude's sandbox correctly?

trumbitta2OP7d ago

Latest one: https://ona.com/stories/introducing-veto-security-for-the-ne...

staticvar6d ago

> We told Claude Code to block npx using its own denylist. The agent found another way to run it and copied the binary to a new path using /proc/self/root to bypass the deny pattern. When Anthropic's sandbox caught that, the agent disabled the sandbox. No jailbreak, no special prompting. The agent just wanted to eagerly finish the task.

I wish that article went into more detail about that attack. But I believe it, the extent that the permissions are easy to get wrong in your claude setttings. For example: https://www.youtube.com/watch?v=3CSi8QAoN-s&lc=UgwFNAh5fvDGJ...

j / k navigate · click thread line to collapse