Comment by blitz_skull

blitz_skull Dec 14, 2025 parent

Claude doesn't have permission to run `rm` by default. Play with fire, you get burned my man.

hurturue Dec 15, 2025

there's an infinite amount of ways to delete a file. deny listing commands doesnt work.

python3 -c "import os; os.unlink('~/.bashrc')"

skeledrew Dec 15, 2025

Choose whitelisting over blacklisting, like making your own tools that you give to it, and allow nothing else.

simlevesque Dec 15, 2025

Let us know when your allowlist is done.

maxbond Dec 15, 2025

I don't know why you're implying the list is unbounded but this isn't very difficult. You don't have to have perfect foresight and one shot the list. You'll add things as you discover you missed them or as you adopt new tools/scripts.

Don't let the perfect be the enemy of the good, there is a lot of space between running agents directly on your system and an environment too locked down or sophisticated to realistically maintain.

alexfoo Dec 15, 2025

Choose racially neutral terminology…

allowlist and denylist (or blocklist)

dpifke Dec 15, 2025

Shouldn't you be out protesting your local chess club instead of posting on HN right now?

blitz_skull OP Dec 15, 2025

No, I’ll keep using the words that I want. I’m not going to be word policed by some twelve year old on the internet.

hluska Dec 15, 2025

This topic was boring years ago. At this point, it’s all been said by better who are better at writing than you.

metadope Dec 15, 2025

I am sorry and saddened to see your comment dimmed and dissed by our brethren.

Everyone is in a mood, after entertaining the terror that comes with deploying unsupervised super-potent Agents, the year of living dangerously.

I for one appreciate having my consciousness raised in the middle of all this, reminding me of the importance of other humans' experiences.

Or, were you tongue-in-cheek, just yanking chains, rattling cages?

In either case: Keep up the good work.

8653564297860 Dec 15, 2025

Get fucked

sunaookami Dec 15, 2025

Of course there are many ways but LLM don't use them. They use standard commands and you will get a confirmation prompt in the terminal where you can deny and you are thrown back into prompting.

nicolaslem Dec 15, 2025

They do get really creative to achieve their goals. Claude Code routinely uses these kind of one liners.

irishcoffee Dec 14, 2025

I have no idea if this is possible: mv ~/* /dev/null

realo Dec 14, 2025

Try that one instead:

mv ~/. /dev/null

Better.

Extra points if you achieve that one also:

mv /. /dev/null

Slashdot aficionados might object to that last one, though.

klempner Dec 15, 2025

Speaking of Slashdot, some fairly frequent poster had a signature back around 2001/2002 had a signature that was something like

mv /bin/laden /dev/null

and then someone explained how that was broken: even if that succeeds, what you've done is to replace the device file /dev/null with the regular file that was previously at /bin/laden, and then whenever other things redirect their output to /dev/null they'll be overwriting this random file than having output be discarded immediately, which is moderately bad.

Your version will just fail (even assuming root) because mv won't let you replace a file with a directory.

blitz_skull OP Dec 14, 2025

Hmm... Let me go run it real quick without checking what it does.

EDIT: OH MY GOD

irishcoffee Dec 14, 2025

Har har, I meant within the permission framework of the bots people unleash on their personal computers.

I assume yes.

This item has no comments currently.