fix/execute_code #3884
Conversation
When not running in docker, files should be executed using system python.
While that's a trivial change in theory, it's opening up a whole new can of worms. You will almost certainly want to make this optional by introducing a corresponding new env option to enable this. And if this is to be accepted, there should probably be some additional restrictions in place. For instance, enabling Auto-GPT to execute code/scripts OUTSIDE of docker/chroot environments would be better supported only for a dedicated "autogpt" user - to isolate the user/admin (root!) account [home directory] from the script - which is basically a remote code execution engine primed by your prompts - but overall, it's just a fancy RCE-engine, so you really don't want to circumvent all sorts of security concerns here - things are inevitably going to go wrong at some point. Then again, I do agree that the system is most useful if you grant it access to executing scripts and commands, but it would be better to introduce additional safety measures - so that people need at least to remove those explicitly. See also:
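The opt-in gate and dedicated-user isolation suggested in the comment above, as an added example that is not Auto-GPT's own code: the env var name EXECUTE_LOCAL_PYTHON, the account variable AUTOGPT_RUN_AS_USER and the /.dockerenv heuristic are assumptions, and the privilege drop is Linux-only.

```python
# Added example, not Auto-GPT project code. Assumed names: EXECUTE_LOCAL_PYTHON (opt-in
# env var), AUTOGPT_RUN_AS_USER (dedicated unprivileged account), /.dockerenv heuristic.
import os
import pwd
import subprocess
import sys
from pathlib import Path
from typing import Optional, Tuple


def running_in_docker(root: str = "/") -> bool:
    """Heuristic: Docker creates /.dockerenv inside containers; it is not a guarantee."""
    return Path(root, ".dockerenv").exists()


def local_execution_decision(env: dict, in_docker: bool) -> Tuple[bool, str]:
    """Decide whether a file may run on the host. Outside Docker the default is refusal."""
    if in_docker:
        return True, "inside docker sandbox"
    if env.get("EXECUTE_LOCAL_PYTHON", "").lower() not in ("1", "true", "yes"):
        return False, "refused: not in docker and EXECUTE_LOCAL_PYTHON not set"
    if os.geteuid() == 0 and not env.get("AUTOGPT_RUN_AS_USER"):
        return False, "refused: running as root without AUTOGPT_RUN_AS_USER"
    return True, "opted in via EXECUTE_LOCAL_PYTHON"


def _drop_privileges(username: str):
    """preexec_fn that switches the child to the dedicated account before exec."""
    def _pre():
        pw = pwd.getpwnam(username)
        os.setgid(pw.pw_gid)
        os.setuid(pw.pw_uid)
    return _pre


def run_python_file(path: str, env: Optional[dict] = None, in_docker: Optional[bool] = None) -> dict:
    """Run `path` with the system interpreter only if the gate allows it."""
    env = dict(os.environ) if env is None else dict(env)
    in_docker = running_in_docker() if in_docker is None else in_docker
    allowed, reason = local_execution_decision(env, in_docker)
    if not allowed:
        return {"ok": False, "output": reason}
    user = env.get("AUTOGPT_RUN_AS_USER")
    proc = subprocess.run(
        [sys.executable, path], capture_output=True, text=True, timeout=60,
        env={"PATH": env.get("PATH", "/usr/bin:/bin")},  # no host secrets in the child env
        preexec_fn=_drop_privileges(user) if user and os.geteuid() == 0 else None,
    )
    return {"ok": proc.returncode == 0, "output": proc.stdout + proc.stderr}
```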
The idea is that when you run in docker you are in a sandbox so you can run python code safely. If you are not - then python code is executed in a docker sandbox. No bugs here.
I believe someone recently pointed out that there might be a confusing conceptual problem due to the disjoint between what the python sandbox is and what other shell commands get to see/do (can't seem to find the comment currently).
The bug arises when a library outside of the docker image is required. The sandbox fails and agents can enter into loops trying to get it to execute. For example, if it uses python3.9:alpine and attempts to use numpy. Numpy is not a standard python library. However, this solution isn't the best.
@valayDave summed up the issue pretty well when he pointed out how the agent gets to see very little surrounding/environmental state and is acting on weird assumptions, especially once commands cross multiple shell sessions or even machines (think ssh). See: #4138