[BUG] sandbox.enabled: true silently ignored when socat is not installed (security risk)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When sandbox.enabled: true is set in settings.json but socat is not installed, Claude Code starts normally without sandbox and without any warning or error. The user has no way to know the sandbox is not active.
This is a security issue: users who explicitly enable sandboxing (e.g., to restrict network access via allowedDomains) are led to believe their security policy is enforced, when it is silently not.
Note: This issue was previously reported as #12515, which was incorrectly closed as a duplicate of #11079. #11079 is about a crash when TMPDIR is non-writable. This issue is the opposite: startup succeeds without entering sandbox mode, with no indication that the sandbox setting was ignored. The author of #12515 raised this objection, but the issue was locked before it could be addressed.
What Should Happen?
Claude Code should either:
- Fail to start with a clear error message (e.g.,
"sandbox.enabled is true but socat is not installed. Install socat or disable sandbox."), or - Show a prominent warning that sandboxing could not be enabled and the session is running without it.
Silently ignoring an explicit security setting is not acceptable behavior.
Error Messages/Logs
None. No error or warning is shown.
Steps to Reproduce
On Linux (Ubuntu/Debian):
- Ensure
socatis not installed:sudo apt remove socat - Add sandbox config to
~/.claude/settings.json:
``json``
{
"sandbox": {
"enabled": true,
"network": {
"allowedDomains": ["pypi.org"]
}
}
}
- Start Claude Code:
claude - No error or warning is shown — Claude starts normally
- From a Bash tool, verify network is not restricted:
``python``
import urllib.request
urllib.request.urlopen("https://www.google.com", timeout=5)
# → succeeds, even though google.com is not in allowedDomains
- Install
socat:sudo apt install socat, restart Claude Code - Same test now correctly blocks google.com
Security Impact
Users who configure allowedDomains to restrict network access (e.g., to prevent data exfiltration) receive no protection until they independently discover that socat must be installed separately. This undermines the purpose of the sandbox feature.
Claude Code Version
2.1.74 (Claude Code)
Platform
Anthropic API
Operating System
Ubuntu Linux
Terminal/Shell
bash
Additional Information
- Related (incorrectly marked duplicate): #12515
- Incorrectly identified duplicate: #11079 (different issue — crash on non-writable TMPDIR)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗