
925 points dmitrybrant | 1 comments
unethical_ban ◴[] No.45163504[source]
Neat stuff. I just got Claude Code and am training myself on Rails. I'm excited to have assistance working through some ideas I have, and seeing it handle this kind of iterative testing is great.

One note: I think the author could have modified the sudoers file to allow loading and unloading the module* without a password prompt.

anyfoo ◴[] No.45163525[source]
... which would allow you to load arbitrary code into the kernel, pretty much bypassing any and all security. You might as well not have a password at all. Which, incidentally, can be a valid strategy for isolated external dev boards, or QEMU VMs. But on a machine with stuff you care about? You're basically ripping it open.
unethical_ban ◴[] No.45163564[source]
He was already loading "arbitrary" Claude code, no? I'm suggesting there was a way to skip password entry by narrowly tailoring an exception.

Another thought: IIRC, in the plugins for Claude Code in my IDE, you can "authorize" actions and have manual intervention without having to leave the tool.

My point is there were ways I think they could have avoided copy/paste.

1. anyfoo ◴[] No.45163678[source]
While I personally would have used a dedicated development target, the workflow he had at least allowed him to have a good look at any and all code changes, before approving with the root password.

That is a bit different than allowing unconfirmed loading of arbitrary kernel code without proper authentication.
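
A check for the sudoers exception debated in this thread, as an added example that is not part of any commenter's post: it scans sudoers text for passwordless grants on kernel module tools and separates unrestricted rules from rules pinned to one module path. The parser is a simplified assumption (single-line user specs, no alias expansion), and the sample rules and paths are constructed.

```python
import re

# Tools that insert or remove kernel modules (kmod suite).
MODULE_TOOLS = {"insmod", "modprobe", "rmmod", "kmod"}
# Simplified user spec: who host=(runas) [TAG:] cmd, [TAG:] cmd ...
SPEC = re.compile(r"^(?P<who>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")

def audit_sudoers(text):
    """Return (lineno, who, command, kind) for passwordless module-tool grants."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        first = line.split(None, 1)[0] if line else ""
        if not line or first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        spec = SPEC.match(line)
        if not spec:
            continue
        nopasswd = False  # a tag carries over to later commands on the line
        for cmd in (c.strip() for c in spec["cmds"].split(",")):
            tagged = TAGS.match(cmd)
            if tagged:
                for tag in re.findall(r"[A-Z_]+(?=:)", tagged[1]):
                    if tag in ("NOPASSWD", "PASSWD"):
                        nopasswd = tag == "NOPASSWD"
                cmd = tagged[2].strip()
            argv = cmd.split()
            if not nopasswd or not argv:
                continue
            tool, args = argv[0].rsplit("/", 1)[-1], argv[1:]
            if cmd == "ALL" or (tool in MODULE_TOOLS and
                    (not args or any(c in a for a in args for c in "*?["))):
                # A sudoers command with no arguments accepts any arguments.
                findings.append((lineno, spec["who"], cmd, "unrestricted"))
            elif tool in MODULE_TOOLS:
                # Still needs a manual check: a pinned .ko path is only as
                # safe as the write permissions on that file and its parents.
                findings.append((lineno, spec["who"], cmd, "pinned"))
    return findings

# Constructed sample rules, not taken from the thread.
SAMPLE = """\
# developer workstation
Defaults env_reset
dev ALL=(root) NOPASSWD: /sbin/insmod, /sbin/rmmod
dev ALL=(root) NOPASSWD: /sbin/insmod /home/dev/driver/mydrv.ko
ops ALL=(root) /sbin/modprobe
ci  ALL=(ALL) NOPASSWD: /usr/bin/make, PASSWD: /sbin/insmod
"""
```

The "pinned" result on line 4 of the sample is the narrowly tailored exception: the rule names one file, but that file sits in a directory the same user can write to, so whatever is built there gets loaded without a password.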