Claude doesn't have permission to run `rm` by default. Play with fire, you get b...

hurturue · 2025-12-15T00:14:03 1765757643

there's an infinite amount of ways to delete a file. deny listing commands doesnt work.

python3 -c "import os; os.unlink('~/.bashrc')"

skeledrew · 2025-12-15T00:35:18 1765758918

Choose whitelisting over blacklisting, like making your own tools that you give to it, and allow nothing else.

simlevesque · 2025-12-15T02:10:15 1765764615

Let us know when your allowlist is done.

maxbond · 2025-12-15T05:34:35 1765776875

I don't know why you're implying the list is unbounded but this isn't very difficult. You don't have to have perfect foresight and one shot the list. You'll add things as you discover you missed them or as you adopt new tools/scripts.

Don't let the perfect be the enemy of the good, there is a lot of space between running agents directly on your system and an environment too locked down or sophisticated to realistically maintain.

alexfoo · 2025-12-15T00:54:35 1765760075

Choose racially neutral terminology…

allowlist and denylist (or blocklist)

dpifke · 2025-12-15T01:07:46 1765760866

Shouldn't you be out protesting your local chess club instead of posting on HN right now?

blitz_skull · 2025-12-15T13:42:44 1765806164

No, I’ll keep using the words that I want. I’m not going to be word policed by some twelve year old on the internet.

hluska · 2025-12-15T01:08:40 1765760920

This topic was boring years ago. At this point, it’s all been said by better who are better at writing than you.

metadope · 2025-12-15T21:33:46 1765834426

I am sorry and saddened to see your comment dimmed and dissed by our brethren.

Everyone is in a mood, after entertaining the terror that comes with deploying unsupervised super-potent Agents, the year of living dangerously.

I for one appreciate having my consciousness raised in the middle of all this, reminding me of the importance of other humans' experiences.

Or, were you tongue-in-cheek, just yanking chains, rattling cages?

In either case: Keep up the good work.

8653564297860 · 2025-12-15T19:15:37 1765826137

Get fucked

sunaookami · 2025-12-15T09:38:10 1765791490

Of course there are many ways but LLM don't use them. They use standard commands and you will get a confirmation prompt in the terminal where you can deny and you are thrown back into prompting.

nicolaslem · 2025-12-15T09:51:42 1765792302

They do get really creative to achieve their goals. Claude Code routinely uses these kind of one liners.

irishcoffee · 2025-12-14T23:49:04 1765756144

I have no idea if this is possible: mv ~/* /dev/null

realo · 2025-12-14T23:57:28 1765756648

Try that one instead:

mv ~/. /dev/null

Better.

Extra points if you achieve that one also:

mv /. /dev/null

Slashdot aficionados might object to that last one, though.

klempner · 2025-12-15T00:52:46 1765759966

Speaking of Slashdot, some fairly frequent poster had a signature back around 2001/2002 had a signature that was something like

mv /bin/laden /dev/null

and then someone explained how that was broken: even if that succeeds, what you've done is to replace the device file /dev/null with the regular file that was previously at /bin/laden, and then whenever other things redirect their output to /dev/null they'll be overwriting this random file than having output be discarded immediately, which is moderately bad.

Your version will just fail (even assuming root) because mv won't let you replace a file with a directory.

blitz_skull · 2025-12-14T23:50:55 1765756255

Hmm... Let me go run it real quick without checking what it does.

EDIT: OH MY GOD

irishcoffee · 2025-12-14T23:54:33 1765756473

Har har, I meant within the permission framework of the bots people unleash on their personal computers.

I assume yes.