Mastodawn

You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because while yes I see your point that doesn't mean it's not happening and security professionals have to deal with what's happening not what we want to be happening)

Show thread

Will Brien 1d ago

@mjg59 I guess you’d be hoping to get the agent to run as a 2nd (non-privileged) local user, which would also imply that your local device is properly restricted so that local users can’t go nuts and fsck up your environment somehow? 🤔 sounds like a lot of work to set up but if I had to do it, I’d try doing that

Show thread

Will Brien

@mjg59 or throw the agent into a VM and run the VM under network restrictions, maybe