[feat] password sanitizer

Question

[feat] password sanitizer

Closed this issue 2 months ago · 2 comments

As suggested by https://news.ycombinator.com/item?id=41139049 the terminal history should be sanitized before sending to LLM backend. This can be done with a pre llm hook.

Code for reference: https://github.com/closedloop-technologies/autocomplete-sh/blob/1bd533a22379f2ebf0e1f31c39b11b8b2089a510/autocomplete.sh#L149

Will a heoristic sanitizer be easy and worth to inplement?

Answer 1 · 2024-12-14T08:06:19.000Z

Additionally, like, e.g. 7z, consider rewrite argv with exec -a or other methods to sanitize the cmdline of the process, so that on multi user systems passing API key via command line will be a little bit safer.

This will be probably not implemented because it barely increase the security level and need investigation on whether and how it should be done.

Answer 2 · 2025-01-29T09:34:37.000Z

This will be probably not implemented because it barely increase the security level and need investigation on whether and how it should be done.

From what I know so far, modifying argv in C programs successfully changes /proc/<pid>/cmdline, but I couldn't find a way to do it in bash. exec -a doesn't work.

I should add a tip in document to remind users not to pass keys via CLI parameters while in a multi-user system.