I believe this might be a regression in 1.0.4 and might have worked in previous versions?
If someone can tell me how to downgrade, I can try it out.
Either way, this looks like a very serious security bug!!
Reproduction
Working in interactive mode:
agy --sandbox --log-file cli.log- Exit (2x CTRL+D)
$ grep -i sandbox cli.log
I0603 12:23:31.784569 2569746 common.go:414] --sandbox: enabling terminal sandbox for this session
Not working in headless mode:
agy --sandbox --log-file cli.log -p "Run 'echo test > $HOME/test.out'"
$ grep -i sandbox cli.log
$ cat $HOME/test.out
test
Not only does the "enabling terminal sandbox for this session" log line no longer show up in the cli.log, but I also confirmed that it's indeed able to run without sandboxing restrictions.
I believe this might be a regression in 1.0.4 and might have worked in previous versions?
If someone can tell me how to downgrade, I can try it out.
Either way, this looks like a very serious security bug!!
Reproduction
Working in interactive mode:
agy --sandbox --log-file cli.log$ grep -i sandbox cli.log I0603 12:23:31.784569 2569746 common.go:414] --sandbox: enabling terminal sandbox for this sessionNot working in headless mode:
agy --sandbox --log-file cli.log -p "Run 'echo test > $HOME/test.out'"Not only does the "enabling terminal sandbox for this session" log line no longer show up in the cli.log, but I also confirmed that it's indeed able to run without sandboxing restrictions.