Using ptrace or seccomp seem to be new (but likely rather fiddly) additions to the list of potential read-only tools.
I only speak a little golang but it seems to me like using seccomp is a promising avenue because there is an actively maintained lib for interacting with it.
As @diego898 mentioned, some comments in #8 might be worth a look (not all of them, the very initial version of up was somewhat different and executed the pipeline on every keystroke, not just on Enter, and this topic is mixed a lot in that thread).
As to whitelists, as far as I'm aware, some flags on seemingly innocent commands can still be dangerous; so I'm personally not sold on it, and would be afraid of lulling users into a false sense of security; for now I prefer to leave the responsibility on them, and with Enter as the "execute" key, to me it doesn't feel much different from a regular shell prompt in this aspect.
@jnovek I will certainly not work on that myself, but if you're interested in experimenting, I will try to be at least helpful from the up side of things :) [I'm kinda having a lot on my plate now, and still haven't regained all of my "mojo" towards up after releasing it, but I love interesting ideas, and this one for sure is :) I feel I would find fun in watching where you might get here :) and if you're stubbornly curious enough, I know by myself you might get amazingly far :)]
You're on Hacker News this morning: https://news.ycombinator.com/item?id=26644110
Regarding safety issues, users on HN have suggested using ptrace to intercept syscalls to simulate commands like "rm" and "dd". This seems like it might lead to some frustrating edge cases, though, especially if you're trying to support macOS and Linux.
https://news.ycombinator.com/item?id=26644508
Another user suggested using the seccomp syscall in Linux, or pledge in BSD, to disallow writes from the UP process.
https://news.ycombinator.com/item?id=26644319
Finally, another user suggested using blacklists/whitelists to disallow certain destructive executables.
https://news.ycombinator.com/item?id=26644442
I think all three of these are good ideas with varying levels of complexity. It would protect users who don't realize that this tool can be destructive (or those of us who are absentminded) and perhaps make it possible to use a live search mode again.
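The allowlist caveat raised in this thread (flags on seemingly innocent commands can still be dangerous), as an added example that is not part of the original issue or of up's code: a name-only allowlist accepts a pipeline that a flag-aware check reports as able to modify files. The allowlist, the prefix table and the function names are assumptions made for illustration, and the prefix table is not exhaustive.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed data (assumptions, not from up): an allowlist of "harmless"
// commands, and argument prefixes with which they still write or delete.
var allowed = map[string]bool{"cat": true, "find": true, "grep": true, "sed": true, "sort": true}
var writePrefixes = map[string][]string{
	"find": {"-delete", "-exec", "-fprint"},
	"sed":  {"-i", "--in-place"},
	"sort": {"-o", "--output"},
}

// nameOnlyAllowed is the naive check; splitting on "|" ignores shell quoting.
func nameOnlyAllowed(pipeline string) bool {
	for _, stage := range strings.Split(pipeline, "|") {
		f := strings.Fields(stage)
		if len(f) == 0 || !allowed[f[0]] {
			return false
		}
	}
	return true
}

// riskyArgs lists "command argument" pairs that can still modify files.
func riskyArgs(pipeline string) []string {
	var hits []string
	for _, stage := range strings.Split(pipeline, "|") {
		f := strings.Fields(stage)
		for i := 1; i < len(f); i++ {
			risky := strings.HasPrefix(f[i], ">") // output redirection
			for _, p := range writePrefixes[f[0]] {
				risky = risky || strings.HasPrefix(f[i], p)
			}
			if risky {
				hits = append(hits, f[0]+" "+f[i])
			}
		}
	}
	return hits
}

func main() {
	p := "find . -name '*.log' -delete | sort" // constructed input
	fmt.Println(nameOnlyAllowed(p), riskyArgs(p))
}
```

A table like this only covers the flags someone thought to list, which is the false-sense-of-security concern voiced in the thread.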