A security bug in sudo: https://sensorstechforum.com/cve-2019-14287-sudo-bug/
It requires a pretty liberal sudoers file, but it's remarkable that old tools still have security issues!
Related Posts
I find it odd that people recommend Docker for sandboxing agentic coding tools. Isn't it easier to just create a separate user account on the machine?
It's an established security boundary, and viewing output is easy (just make the user's home directory world-readable).
It feels like a mature software project is one where bugs require multiple commits to fix.
You've hammered out the basic issues, so the remaining issues are often weird interactions between components.
I'm a fan of the Software Unscripted podcast, and I particularly enjoyed this recent episode about CrowdStrike and security culture: https://www.youtube.com/watch?v=rzjaZssBEiI
The guest (Kelly Shortridge) compares attackers to lawyers trying to find loopholes. This is such a great analogy.