[Security/Stability] Robustly address the issue of running/updating `claude` as superuser.
Since #168 was closed, three additional system destabilization reports have come in. Furthermore, although #205 has been merged and the README for the repo has been updated, the installation and authentication instructions on the main Anthropic page have not been updated to match. (This follow-up action was recommended as part of the PR.)
Frankly, Anthropic is playing with fire and it is only a matter of time before someone in the tech media decides to make a story out of it. While this might not be as big as the Sony root kit scandal, it will still not be a good look for a company which prides itself on AI _safety_. We have past nearly a week since the _public_ release of this product. It does not matter that it is "just a preview".
Here are my recommendations to robustly address the issue:
- Modify
claudeto detect when it is running as UID 0 (root, the superuser) and boldly warn people to reconsider. - Modify
claudeto _remove_ the instructions which recommendchmod -Randchown -Rcommands for it to receive updates, if you have not already done so. - Update the installation and authentication instructions on the main Anthropic page to match the README for this repo, so that people better understand their options for running as a non-privileged user, no matter where they find the instructions.
- Email the preview release program participants and explain the situation and how to remedy it. (Some people will have already installed a version of
claude, which does not have later updates, as a superuser.)
@sid374 : Sorry to tag you directly, but you seem to be running point on this. If you are being blocked by a product manager (or any other kind of manager), you may want to escalate to the head of your application security (AppSec) team, or your CISO, if you do not have such a team. They can probably help you sort through this more rapidly than you can by yourself.
Why do I care? I like Anthropic (and Claude) and want you to succeed; not robustly addressing this issue is endangering your success.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗