What we need is a capabilities based security system. It could write all the python, asm, whatever it wants and it wouldn't matter at all if it was never given a reference to use something it shouldn't.

Isn't this already possible? Give it its own user account with write access to the project directory and either read access or no access outside it.

Unix permissions is not a capability system though. Capabilities are more like "here is a file descriptor pointing to a directory, you are not capable of referring to anything outside it". So closer to chroot, except you can have several such directory references at the same time.

You can always narrow down a capability (get a new capability pointing to a subdirectory or file, or remove the writing capability so it is read only) but never make it more broad.

In a system designed for this it will be used for everything, not just file system. You might have capabilities related to network connections, or IPC to other processes, etc. The latter is especially attractive in microkernel based OSes. (Speaking of which, Redox OS seems to be experimenting with this, just saw an article today about that.)

See also https://en.wikipedia.org/wiki/Capability-based_security

I have been putting my agents on their own, restricted OS-level user accounts for a while. It works really well for everything I do.

Admittedly, there’s a little more friction and agent confusion sometimes with this setup, but it’s worth the benefit of having zero worries about permissions and security.

Haha, you can already see wheel reinventors in this thread starting to spin their reinvention wheels. Nice stuff, I run my agents in containers.

There exist restricted Shells. But honestly, I don't feel capable of assessing all attack vectors and security measures in sufficient detail. For example, do the rbash restrictions also apply when Python is called with it? Or can the agent somehow bypass rbash to call Python?

https://en.wikipedia.org/wiki/Restricted_shell

Docker is enough in practice no?

in what specific ways did it go too deep? it's hard to understand when you're being so vague.

greatness is working illegally, tax evasion, defrauding consumers, and refusing to pay child support for all of your children.

Okay assuming you're right that society can offset this bad parenting.

Maybe a more prudent first step is giving these kids free breakfast, lunch, and dinner before putting state mandated age verification on a computer.

No argument here!

My parents?

The existence of concentration camps in China does not disprove their existence in the United States.

Save taxpayers money?

I don't think I've ever seen my taxes go down in any tangible way from all the supposed taxpayer saving initiatives over the years.

Somehow we broke the "cheap, fast, good" metric and we don't even get "good" nor "cheap".

I'd prefer good and what i'm paying regardless over some false "savings"

It's childish to want to turn away and bury your head in the sand. He is what he was and looking away doesn't change that.