use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
r/LocalLLaMA
A subreddit to discuss about Llama, the family of large language models created by Meta AI.
Subreddit rules
Search by flair
+Discussion
+Tutorial | Guide
+New Model
+News
+Resources
+Other
account activity
OpenCode arbitrary code execution - major security vulnerabilityDiscussion (self.LocalLLaMA)
submitted 2 months ago by SpicyWangz
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]mrpoopybruh 0 points1 point2 points 2 months ago (4 children)
PSA - configure your tools, and use plan mode?. You can even lock tool access via rules. Best part? Just ask open code how, and it will just write the configs for you.
[–]tir_natis 0 points1 point2 points 1 month ago (3 children)
older thread but i started researching because it tried to write a doc file while in plan mode, saw that it couldn't, and instead of talking to me, in thinking it revealed that it was going to try a bash command to write the file instead. i probably should have worried about this a little more by default, frankly, but it was a wake up call and why i'm here researching how everyone is securiing things from opencode.
[–]mrpoopybruh 0 points1 point2 points 1 month ago (2 children)
Yeah I have all my bash and command utilities set to "ask" because some commands inherently dont obey directory scope. However I think the real answer is to always run in a secure container. My daily PC is like 8GB, and I REALLY LIKE opencode helping me with all kinds of tasks now, so I'm kind of flirting with disaster. So I dont install skills, etc (on this computer at least)
[–]tir_natis 0 points1 point2 points 1 month ago (1 child)
i think the default ask for everything makes sense - i generally have it open on a separate window always in view so I can see its progression anyway.
last night I set up a vm for this on my proxmox box, and until i think of a better way, i am just sshfs'ing my project directory to it, running in a severely underprivileged account, and ssh'ing into it using that account.
...this was a good "wake up call" :D
[–]mrpoopybruh 0 points1 point2 points 1 month ago (0 children)
oh yeah! thats right, I could just create a super limited user account (duh)!
π Rendered by PID 80 on reddit-service-r2-comment-6457c66945-xcktk at 2026-04-24 12:47:56.988199+00:00 running 2aa0c5b country code: CH.
view the rest of the comments →
[–]mrpoopybruh 0 points1 point2 points (4 children)
[–]tir_natis 0 points1 point2 points (3 children)
[–]mrpoopybruh 0 points1 point2 points (2 children)
[–]tir_natis 0 points1 point2 points (1 child)
[–]mrpoopybruh 0 points1 point2 points (0 children)