Readit News
elpakal commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
elpakal · 5 days ago
So if their GH API token with access to a million-plus repos was this easy to compromise, isn't it plausible that their token could have been used to clone said repos? Is it possible to audit the clone history of a token?
elpakal commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
curuinor · 5 days ago
Hey, this is Howon from CodeRabbit here. We wish to note that this RCE was reported and fixed in January. It was entirely prospective and no customer data was affected. We have extensive sandboxing for basically any execution of anything now, including any and every tool and all generated code of any kind under the CodeRabbit umbrella.

If you want to learn how CodeRabbit does the isolation, here's a blog post about how: https://cloud.google.com/blog/products/ai-machine-learning/h...

elpakal · 5 days ago
> Sandboxing: All Cloud Run instances are sandboxed with two layers of sandboxing and can be configured to have minimal IAM permissions via dedicated service identity. In addition, CodeRabbit is leveraging Cloud Run's second generation execution environment, a microVM providing full Linux cgroup functionality. Within each Cloud Run instance, CodeRabbit uses Jailkit to create isolated processes and cgroups to further restrict the privileges of the jailed process.

In case you don't want to read through the PR

elpakal commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
brainless · 5 days ago
I did not understand something: why did CodeRabbit run external tools on external code within its own set of environment variables? Why are these variables needed for this entire tooling?
elpakal · 5 days ago
Presuming they take the output of running these linters and pass it for interpretation to Claude or OpenAI.
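The question above is why a review service would run external linters on untrusted repository code while those linters inherit the service's own environment (API keys, Git tokens). As an added illustration, not code from CodeRabbit or from the Kudelski write-up, here is a small Python wrapper that runs a tool two ways: inheriting the parent environment (the leaky pattern) and with an allowlisted environment so that a secret held by the parent process never reaches the child. The secret value, the allowlist and the stand-in "linter" (a Python one-liner that just reads the environment) are all constructed for the example.

```python
import os
import subprocess
import sys

# Hypothetical allowlist: the only parent variables a linter subprocess should see.
# Anything not listed (GITHUB_TOKEN, cloud credentials, etc.) is dropped.
SAFE_ENV_KEYS = ("PATH", "LANG", "LC_ALL", "HOME", "TMPDIR")


def scrubbed_env(parent_env=None, allow=SAFE_ENV_KEYS):
    """Return a fresh environment containing only allowlisted keys from parent_env."""
    src = os.environ if parent_env is None else parent_env
    env = {k: src[k] for k in allow if k in src}
    # Child still needs a PATH to find its binaries; supply a minimal default if absent.
    env.setdefault("PATH", "/usr/bin:/bin")
    return env


def run_tool(argv, cwd=".", parent_env=None, inherit_env=False, timeout=60):
    """Run a tool on untrusted input.

    inherit_env=True reproduces the leaky pattern (child gets every variable the
    service holds). inherit_env=False passes only the scrubbed allowlist.
    Returns (returncode, stdout, stderr).
    """
    src = os.environ if parent_env is None else parent_env
    env = dict(src) if inherit_env else scrubbed_env(src)
    proc = subprocess.run(
        argv, cwd=cwd, env=env, capture_output=True, text=True, timeout=timeout
    )
    return proc.returncode, proc.stdout, proc.stderr


# Constructed stand-in for a linter whose config lets repository code run: it
# simply prints whatever GITHUB_TOKEN it can see.
PROBE = [sys.executable, "-c",
         "import os; print(os.environ.get('GITHUB_TOKEN', '<absent>'))"]


def demo():
    """Simulate a service process holding a token and run the probe both ways."""
    parent = dict(os.environ)
    parent["GITHUB_TOKEN"] = "ghp_constructed_example_token"  # constructed, not real
    leaky = run_tool(PROBE, parent_env=parent, inherit_env=True)[1].strip()
    scrubbed = run_tool(PROBE, parent_env=parent, inherit_env=False)[1].strip()
    return leaky, scrubbed


if __name__ == "__main__":
    leaky, scrubbed = demo()
    print("inherited env ->", leaky)    # token is visible to the tool
    print("scrubbed env  ->", scrubbed)  # <absent>
```

Scrubbing the environment is only one layer; a tool that can execute repository-controlled code still needs process and filesystem isolation, which is what the Cloud Run and Jailkit description quoted elsewhere in this thread is about.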
elpakal commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
elpakal · 5 days ago
> After responsibly disclosing this critical vulnerability to the CodeRabbit team, we learned from them that they had an isolation mechanism in place, but Rubocop somehow was not running inside it.

Curious what this (isolation mechanism) means if anyone knows.

elpakal commented on Tim Cook rallying Apple employees around AI efforts   bloomberg.com/news/articl... · Posted by u/andrew_lastmile
mips_avatar · 22 days ago
Yeah, but they're just too small to do anything useful with yet. Like we're in this weird state where you can't easily sell usage-based pricing through App Store payments (and customers don't really understand usage anyway). So you need to sell access to an agent via a subscription, but your costs are 90% usage-based so it's hard to price. If App Store developers could use a quota of access tokens from a user's Apple Intelligence subscription we could offer AI agents for $3-5/mo and they would be actually usable! But if you need to pay for inference costs it has to be $10-20/mo. It's just a lame experience and makes the web the place to build agents even though they'd be more useful on mobile devices.
elpakal · 17 days ago
Wait, usage for the on-device LLM is free, so why would you charge for it? I think that's just a mental model shift.
elpakal commented on GPT-5   openai.com/gpt-5/... · Posted by u/rd
fmos · 17 days ago
In my experience none of the frontier models I tried (o3, Opus 4, Gemini 2.5 Pro) was able to solve Swift concurrency issues, with or without web search. At least not sufficiently for Swift 6 language mode. They don’t seem to have a mental model of the whole concept and how things (actors, isolation, Tasks) need to play together.
elpakal · 17 days ago
> They don’t seem to have a mental model of the whole concept and how things (actors, isolation, Tasks) need to play together.

To be fair, does anyone? ¯\_(ツ)_/¯

elpakal commented on Gemini CLI GitHub Actions   blog.google/technology/de... · Posted by u/michael-sumner
toephu2 · 17 days ago
GitHub already has that built in if you pay for Copilot
elpakal · 17 days ago
TIL, thanks
elpakal commented on Gemini CLI GitHub Actions   blog.google/technology/de... · Posted by u/michael-sumner
elpakal · 17 days ago
I'm just here for the PR review feature

u/elpakal

Karma: 877
Cake day: August 17, 2018
About
Born in Chiapas, Mexico

Coding in Denver, CO USA
