Running Untrusted Code

Discussions center on the security risks of executing code that users haven't written, read, or fully audited themselves, particularly from external sources like GitHub, highlighting concerns about malicious tricks, vulnerabilities, and the need for verification.

➡️ Stable 0.8x Security

3,528

Comments

Years Active

Top Authors

#9339

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

2012

103

2013

131

2014

132

2015

158

2016

221

2017

185

2018

192

2019

227

2020

261

2021

353

2022

278

2023

356

2024

287

2025

447

2026

Top Contributors

pjmlp (24) saagarjha (23) tptacek (17) Dylan16807 (8) simonw (8)

Keywords

SO code untrusted running sensitive malicious execute code run code running python code code doesn

Sample Comments

aplummer • Oct 31, 2016 • View on HN

You're running code you didn't write or entirely read yourself.

applecore • Nov 28, 2014 • View on HN

What's horrible about running your own code?

t0bia_s • Jun 21, 2022 • View on HN

Mabye you wont, but someone else do it. It would be pointless to open code with unwanted tricks behind.

djbusby • Aug 31, 2022 • View on HN

Well, you'd have to really trust the code you're loading.

taeric • Nov 17, 2021 • View on HN

All code is arbitrary code if you are paranoid enough. :)

dvt • Sep 4, 2020 • View on HN

Totally agree with this, hence the caveat that the code doesn't get leaked/compromised :)

medo-bear • May 23, 2023 • View on HN

It scales to "don't run untrusted code if you are concerned about security"

dman • Oct 20, 2011 • View on HN

If the code is unfit for others to read why is it being shipped in production devices?

jtwaleson • Aug 8, 2012 • View on HN

Yes, make sure you inspect it before executing... If someone hijacks my github account, puts on some bad code and you run this, you're screwed.

weavejester • Aug 25, 2014 • View on HN

Where in the article does it advocate running untrusted code?