Guardrails, regexes, blacklists, etc. are not the right solution.
Your system should have an “agent” user group and each agent should run as a distinct user in this group. Use ACLs to give permissions on directories and files. This is why all this stuff exists.
And while we’re at it, we can harden individual commands by taking OpenBSD ideas like pledge and unveil. And perhaps even some OpenVMS ideas with the symbol and logical redefinitions to make sure these users can only operate on what we want them to operate on and use only what we want them to use.
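An added example, not part of the comment above: one way to set up the per-agent accounts and ACLs it describes. It assumes Linux with shadow-utils and the acl package; the `agent-<name>` account naming, the `provision_agent` and `run` helpers and the paths are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with shadow-utils
# (groupadd, useradd) and the acl package (setfacl). The "agent-<name>"
# account naming and all paths are illustrative.
AGENT_GROUP="agent"

# Print the command when DRY_RUN=1 (the default); execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# provision_agent NAME WORKSPACE [READONLY_PATH...]
# One account per agent: read-write on its own workspace, read-only on the
# listed paths. No ACL entries are granted on any other path.
provision_agent() {
    [ $# -ge 2 ] || { echo "usage: provision_agent NAME WORKSPACE [RO...]" >&2; return 2; }
    name=$1; workspace=$2; shift 2
    case $name in
        ''|*[!a-z0-9-]*) echo "invalid agent name: $name" >&2; return 1 ;;
    esac
    for p in "$workspace" "$@"; do
        case $p in /*) ;; *) echo "path must be absolute: $p" >&2; return 1 ;; esac
    done
    user="agent-$name"
    run groupadd -f "$AGENT_GROUP" || return 1
    # useradd fails on an existing account, so skip it on a re-run.
    if [ "${DRY_RUN:-1}" = 1 ] || ! id -u "$user" >/dev/null 2>&1; then
        run useradd -M -g "$AGENT_GROUP" -s /usr/sbin/nologin "$user" || return 1
    fi
    run mkdir -p "$workspace" || return 1
    # Access ACL covers existing files; default ACL covers files created later.
    run setfacl -R -m "u:$user:rwX" "$workspace" || return 1
    run setfacl -R -d -m "u:$user:rwX" "$workspace" || return 1
    for p in "$@"; do
        run setfacl -R -m "u:$user:rX" "$p" || return 1
    done
}

# Review the plan:  provision_agent build /srv/agents/build /srv/docs
# Apply as root:    DRY_RUN=0 provision_agent build /srv/agents/build /srv/docs
```

ACL entries only grant access: anything that is already world-readable stays readable by every agent account, so private directories also need their "other" permission bits cleared.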
They gave experimental commands full access to their private data. Data deletion is, in fact, the least concerning outcome here.
On the bright side, this is a solid reminder to maintain proper backups.
If this happened to me, I'd just restore from backup and be back up in 20 minutes. That said, I avoid this scenario entirely by running agents in isolated VMs and only mounting the specific directories they need access to.