theanonymousone4d ago

LiteLLM Python package compromised by supply-chain attack

https://github.com/BerriAI/litellm/issues/24512

[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer · Issue #24512 · BerriAI/litellm

[LITELLM TEAM] - For updates from the team, please see: #24518 [Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI package — credential stealer Summary The litellm==1.82.8 wheel...

GitHub
Show threadjFriedensreich4d ago
We just can't trust dependencies and dev setups. I wanted to say "anymore" but we never could. Dev containers were never good enough, too clumsy and too little isolation. We need to start working in full sandboxes with defence in depth that have real guardrails and UIs like vm isolation + container primitives and allow lists, egress filters, seccomp, gvisor and more but with much better usability. Its the same requirements we have for agent runtimes, lets use this momentum to make our dev environments safer! In such an environment the container would crash, we see the violations, delete it and dont' have to worry about it. We should treat this as an everyday possibility not as an isolated security incident.
Show threadbinsquare4d ago

So... I'm working on an open source technology to make a literal virtual machine shippable i.e. freezing everything inside it, isolated due to vm/hypervisor for sandboxing, with support for containers too since it's a real linux vm.

The problems you mentioned resonated a lot with me and why I'm building it, any interest in working to solve that together?: https://github.com/smol-machines/smolvm

GitHub - smol-machines/smolvm: Tool to build & run portable, lightweight, self-contained virtual machines.

Tool to build & run portable, lightweight, self-contained virtual machines. - smol-machines/smolvm

GitHub
Show threadvladvasiliu
What would the advantage of this be compared to using something like a Firecracker backend for containerd?
Mar 24 at 2:25pmWeb
Show threadjFriedensreich4d ago
firecracker does not run on macos and has no GPU support
Show threadbinsquare4d ago

Run locally on macs, much easier to install/use, and designed to be "portable" meaning you can package a VM to preserve statefulness and run it somewhere else.

worked in AWS and specifically with firecracker in the container space for 4 years - we had a very long onboarding doc to dev on firecracker for containers... So I made sure to focus on ease of use here.