I really like the new allowlists and autorun abilities except that the default allows too many dangerous commands (like deleting files). Also, it’s easy to add a command to the allowlist accidentally. I’ve resorted to checking the allowlist periodically for peace of mind.
When we run commmands, Cursor ask us to add the command to allow list but the options are too limited.
Let’s say i’m running the command python3 Tools/economic_analysis.py and the cursor asks me to add python3 to the allow list. This is very dangerous way to allow commands. I want to give examples but the problem is too obvious. No one can allow python3 to use freely.
3 Likes
I was just about post similar observation - just add regex to the deny nad whitlists! They don’t seem to understand user needs.
For instance I don’t want rails db:reset to be run except when it’s RAILS_ENV=test rails db:reset - then I don’t care!
There is so much wrong with allowlist / denylist and it’s so easy to solve! Add regex ! Give control to the users!
Being able to add a specific command with arguments would be much more useful over blanket allowing dangerous applications. For example, I think running the tests `python test.py` is probably safe and should be allowlisted but blanket python would be too dangerous.
