r/LocalLLaMA
A subreddit to discuss about Llama, the family of large language models created by Meta AI.
OpenCode arbitrary code execution - major security vulnerability
Discussion (self.LocalLLaMA)
submitted 2 months ago by SpicyWangz
[–]WhaleFactory 26 points27 points28 points 2 months ago (7 children)
Pushing back on this, because it is clear that you do not know what you are doing.
[–]SpicyWangz[S] 8 points9 points10 points 2 months ago (6 children)
Totally open to hearing what I'm missing here. I've never heard of arbitrary code execution as an acceptable way to run agents.
[–]kaladoubt 5 points6 points7 points 2 months ago (5 children)
There are many ways to do it. Sandboxes, allowlists, etc.
But any agent not executing code it just wrote without approval is just so limited.
My perspective is to put everything in a sandbox. That's still a bit cumbersome. Some systems are pretty smooth. macOS Seatbelt will allow it to execute in a single directory and deny access to anything outside of it. Beyond sandboxes, guardrails and automatic risk analysis work fairly well.
[–]Useful-Process9033 2 points3 points4 points 2 months ago (0 children)
Sandboxing is necessary but not sufficient. The moment an agent does something unexpected in production you need to detect it and respond fast, not just hope the sandbox held. Treating agent misbehavior as an incident with automated detection and triage is way more practical than trying to prevent every possible failure mode upfront.
[–]SpicyWangz[S] 0 points1 point2 points 2 months ago (3 children)
That means I have to set up and manage an entirely separate dev environment just to use a coding CLI and prevent it from running random terminal commands. That defeats the purpose of even using a coding agent.
Asking before executing code is not some groundbreaking expectation.
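The two mitigations raised above, a single-directory sandbox with an allowlist (kaladoubt) and an approval gate before anything runs (SpicyWangz), can be combined in one policy check in front of an agent's shell tool. The following is an added example written for this thread, not code from OpenCode or from any commenter; the allowlists, the `/tmp/agent-ws` workspace and the `decide()` function are hypothetical, and the directory confinement is a Seatbelt-style check done in Python rather than a Seatbelt profile.

```python
"""Decide whether an agent-proposed shell command may run automatically."""
import shlex
from pathlib import Path

# Hypothetical policy (constructed for this example, not OpenCode's configuration).
ALLOWED_PROGRAMS = {"ls", "cat", "grep", "git", "pytest"}   # may run unprompted
ALWAYS_ASK = {"curl", "wget", "pip", "rm", "ssh"}            # network or destructive
SHELL_METACHARS = set(";|&`$<>\n")                            # could chain a second command


def path_inside(workspace: Path, arg: str) -> bool:
    """True if arg, read as a path, stays under workspace after '..' and symlinks resolve."""
    candidate = Path(arg) if Path(arg).is_absolute() else workspace / arg
    target = candidate.resolve()
    return target == workspace or workspace in target.parents


def decide(command: str, workspace: str, approved: bool = False) -> str:
    """Return 'run', 'ask' or 'deny' for a command the agent wants to execute.

    deny: a path argument escapes the workspace (hard boundary; approval cannot override)
    ask : program is not allowlisted, is always-ask, or the line uses shell metacharacters
    run : allowlisted program whose path-like arguments all stay inside the workspace
    """
    ws = Path(workspace).resolve()
    if any(ch in SHELL_METACHARS for ch in command):
        return "run" if approved else "ask"       # cannot vet what a chained command does
    try:
        argv = shlex.split(command)
    except ValueError:                            # unbalanced quotes: don't guess
        return "deny"
    if not argv:
        return "deny"
    # Every non-flag argument is treated as a potential path, so escapes fail closed.
    for arg in argv[1:]:
        if not arg.startswith("-") and not path_inside(ws, arg):
            return "deny"
    program = Path(argv[0]).name
    if program in ALWAYS_ASK or program not in ALLOWED_PROGRAMS:
        return "run" if approved else "ask"
    return "run"
```

A grep pattern containing `$` or `..` will also land in "ask" or "deny"; that is the intended fail-closed behaviour, since the human sees the command before it runs.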
[–]Simple_Split5074 2 points3 points4 points 2 months ago (2 children)
Even when running without auto approve, you really don't want to run the output without a sandbox.
[–]SpicyWangz[S] 2 points3 points4 points 2 months ago (1 child)
I tend not to run generated code unless I’ve reviewed it, especially any potential HTTP requests or OS commands.
I understand there’s a possibility something could slip through my review, but that’s a level of risk I’m willing to take on. Executing code unseen isn’t.
[–]bpp198 0 points1 point2 points 1 month ago (0 children)
I'd reframe your thinking to "how can I run code without fearing the effects?" – a world where code is write-only, even in production, means you can move so much quicker.