Dangers of Code Runner
Warning
As a summary of this page: if you are not used to working in a terminal or with commands and scripts, you should probably just stay away from Alpaca's integrated code runner. Code generated by a model is not necessarily secure; I will even go as far as to say you should probably assume that it is insecure most of the time.
In the official installation methods Alpaca is sandboxed. This means Alpaca will only have access to the files and directories you give it permission to use. By default Alpaca can't access any system or user directory, with the exception of `/sys/module/amdgpu`, which is only accessed in read-only mode, and of course the data, config and temp directories that Flatpak and Snap provide so Alpaca can save its data.
What this means for the user is that Alpaca can't access system libraries, apps or any documents unless you break the sandbox yourself using Flatpak or Snap permission commands, which is not required for Alpaca to work.
The official packages for Alpaca are sandboxed so this is the default behavior.
Flatpak and Snap provide apps with a small container-like environment from which apps can run commands and interact with their own directories. A simple way of seeing this environment in action is running the following command:

```sh
flatpak run --command=sh com.jeffser.Alpaca
```
This will start a shell inside the Alpaca environment, from which you can see all the virtual directories and libraries Alpaca interacts with.
You will probably notice that your personal files and your apps' binaries are missing; that's how sandboxing an application helps with the security of your system.
Now, when you run a command inside the integrated Alpaca code runner, that script will only have access to that environment. That doesn't mean it's completely secure, since those scripts could still corrupt Alpaca or your chats, or potentially access your system files if you modified Alpaca's permissions.
Even though sandboxing provides a secured and separated environment, that doesn't mean you should be running any code a model provides you. Please review carefully what the model outputs before running it. And no, asking the model if it's secure isn't enough; they can just hallucinate or straight up lie to you, you know how AI works.
Other, unofficial packages don't provide the sandbox that Flatpak and Snap provide. This means any code that's run inside the integrated terminal has the same permissions it would have in a normal terminal emulator: if the model outputs `sudo rm -rf /` and you run it, it will delete your whole system. There aren't any limitations to prevent you from shooting yourself in the foot. Whilst having an AI manage your system, update your packages or manage your directories might sound nice, please be aware that an AI model with this power can and probably will break your system if you don't check what you are running.
| Command | With Sandbox | Without Sandbox |
|---|---|---|
| `rm -r ~/Documents` | Directory / File not found (your files are ok) | All your documents are gone, can't be recovered |
| `sudo rm -rf /` | Alpaca is probably corrupted and will need to be reinstalled | Your system is gone |
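A quick way to see for yourself which side of that table you are on before running anything a model wrote. This is an added example, not part of Alpaca: it classifies the shell as Flatpak (Flatpak places `/.flatpak-info` inside the sandbox), Snap (snapd exports `$SNAP`) or unsandboxed, lists the host filesystems granted in the Flatpak info file (assuming the usual `[Context]` `filesystems=` keyfile layout), and probes the paths from the table; the file and variable are parameters so the checks can be exercised with constructed input.

```sh
#!/bin/sh
# Added example (not Alpaca's code): report whether this shell is sandboxed
# and which sensitive paths model-generated code could actually reach.

# Classify the environment: Flatpak writes /.flatpak-info inside the sandbox,
# snapd exports $SNAP. Both are parameters so the function is testable.
sandbox_kind() {
    info_file="${1:-/.flatpak-info}"
    snap_var="${2:-$SNAP}"
    if [ -f "$info_file" ]; then
        echo flatpak
    elif [ -n "$snap_var" ]; then
        echo snap
    else
        echo none
    fi
}

# Print the host filesystems granted to the app, one per line, read from the
# "filesystems=" key of the [Context] section (assumed standard keyfile layout).
granted_filesystems() {
    info_file="${1:-/.flatpak-info}"
    [ -f "$info_file" ] || return 1
    sed -n '/^\[Context\]/,/^\[/s/^filesystems=//p' "$info_file" | tr ';' '\n' | sed '/^$/d'
}

# Succeeds only if the path exists and is writable from here.
# "not found" inside the sandbox is the expected, good result from the table.
path_writable() {
    [ -e "$1" ] && [ -w "$1" ]
}

# Probe the paths that rm -r ~/Documents or sudo rm -rf / would hit.
probe_report() {
    echo "sandbox: $(sandbox_kind)"
    for p in "$HOME/Documents" "$HOME/.ssh" /etc /usr/bin /sys/module/amdgpu; do
        if path_writable "$p"; then
            echo "WRITABLE  $p   (a destructive command here destroys real data)"
        elif [ -e "$p" ]; then
            echo "read-only $p"
        else
            echo "not found $p   (the sandbox is hiding it)"
        fi
    done
}

probe_report
```

Run it from the `flatpak run --command=sh com.jeffser.Alpaca` shell above and then from a normal terminal to compare the two reports.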
Again, the warning that appears inside Alpaca before running scripts is there for a reason. I'm not responsible for any damages to hardware or data; Alpaca is and has always been licensed without any warranty.