[BUG] Bash commands with stderr redirection (2>/dev/null) require permission despite whitelisted base commands
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When I try to run a bash command with stderr redirection 2>/dev/null, Claude Code requests permission even though the base commands (cd and find) are explicitly whitelisted in my configuration.
The command requires permission after accepting it, despite both Bash(cd:*) and Bash(find:*) being in my whitelist.
What Should Happen?
Claude Code should execute bash commands with stderr redirection (2>/dev/null, 2>&1, etc.) without requesting permission when the base command is whitelisted. The redirection operator is a standard shell feature that doesn't change the security profile of the underlying command.
Steps to Reproduce
- Add the following to your Claude Code whitelist configuration :
{
"permissions": {
"allow": [
"Bash(cd:*)",
"Bash(find:*)",
],
"deny": [],
"ask": []
}
}
- Have Claude run this command:
cd ~/src && find path/to/some/file 2>/dev/null
- Observe that Claude requests permission to run the command
- Now run the same command WITHOUT
2>/dev/null:
cd ~/src && find path/to/some/file
- Observe that this runs without requesting permission
Note: The issue specifically occurs when stderr redirection operators (2>/dev/null, 2>&1, >, >>, etc.) are added to otherwise whitelisted commands.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.0.64
Platform
AWS Bedrock
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗