theanonymousone4d ago

LiteLLM Python package compromised by supply-chain attack

https://github.com/BerriAI/litellm/issues/24512

[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer · Issue #24512 · BerriAI/litellm

[LITELLM TEAM] - For updates from the team, please see: #24518 [Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI package — credential stealer Summary The litellm==1.82.8 wheel...

GitHub
Show threadjFriedensreich4d ago
We just can't trust dependencies and dev setups. I wanted to say "anymore" but we never could. Dev containers were never good enough, too clumsy and too little isolation. We need to start working in full sandboxes with defence in depth that have real guardrails and UIs like vm isolation + container primitives and allow lists, egress filters, seccomp, gvisor and more but with much better usability. Its the same requirements we have for agent runtimes, lets use this momentum to make our dev environments safer! In such an environment the container would crash, we see the violations, delete it and dont' have to worry about it. We should treat this as an everyday possibility not as an isolated security incident.
Show threadamelius
We need programming languages where every imported module is in its own sandbox by default.
Mar 24 at 2:17pmWeb
Show threadjFriedensreich4d ago
We have one where thats possible: workerd (apache 2.0) no new language needed just a new runtime
Show threadamelius4d ago

I mean, the sandboxing aspect of a language is just one thing.

We should have sandboxing in Rust, Python, and every language in between.

Show threadjerf4d ago
Now is probably a pretty good time to start a capabilities-based language if someone is able to do that. I wish I had the time.
Show threadsaidnooneever4d ago

just sandbox the interpreter (in this case), package manager and binaries.

u can run in chroot jail and it wouldnt have accessed ssh keys outside of the jail...

theres many more similar technologies aleady existing, for decades.

doing it on a per language basis is not ideal. any new language would have to reinvent the wheel.

better to do it at system level. with the already existing tooling.

openbsd has plege/unveil, linux chroot, namespaces, cgroups, freebsd capsicum or w/e. theres many of these things.

(i am not sure how well they play within these scenarios, but just triggering on the sandboxing comment. theres plenty of ways to do it as far as i can tell...)

Show threadamelius4d ago

What if I wanted to write a program that uses untrusted libraries, but also does some very security sensitive stuff? You are probably going to suggest splitting the program into microservices. But that has a lot of problems and makes things slow.

The problem is that programs can be entire systems, so "doing it at the system level" still means that you'd have to build boundaries inside a program.