You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening.)

@mjg59 Very thought-bubble thinking, but a Docker container. Things it needs access to are either volume mounts or in the environment, and an allow-list firewall.
@stibbons Ah yes, but how does it gain the ability to authenticate to remote services, and how do we then ensure that those tokens can only be used for that purpose?
@mjg59 Hypothetical me would be creating dedicated tokens but then never auditing them again until it was far too late, it's true.