https://news.ycombinator.com/user?id=ashahinHacker News RSShttps://hnrss.org/hnrss v2.1.1Mon, 01 Jun 2026 21:28:28 +0000The "workaround" framing implies the docker-group trick is the issue. The deeper question: should agents be allowed to find ANY workaround around a permission boundary the user implicitly set by not granting sudo? Same blast radius whether it's docker, a setuid binary, or rewriting your scripts — needs to be flagged regardless of the specific trick.

]]>Sun, 31 May 2026 23:33:05 +0000https://news.ycombinator.com/item?id=48350891ashahinhttps://news.ycombinator.com/item?id=48350891https://news.ycombinator.com/item?id=48350891