Sandbox blocks macOS Security.framework trustd IPC, breaking all Go binaries (gh, terraform, tofu)

Resolved 💬 4 comments Opened Mar 16, 2026 by coderbants Closed Apr 13, 2026

Problem

All Go-based CLI tools (gh, terraform, tofu, and any custom Go binary) fail with TLS certificate verification errors when run inside Claude Code's sandbox on macOS:

Get "https://api.github.com/user": tls: failed to verify certificate: x509: OSStatus -26276

curl and other tools using OpenSSL/LibreSSL work fine in the same sandbox.

Root Cause

Go's crypto/x509 on macOS (since Go 1.21+) always uses SecTrustEvaluateWithError() from Security.framework for TLS certificate verification. This function communicates with the trustd daemon via Mach IPC (XPC). Claude Code's sandbox-exec profile blocks this Mach port lookup, causing errSecInternalComponent (OSStatus -26276).

Key details:

  • curl works because it uses OpenSSL/LibreSSL which reads /private/etc/ssl/cert.pem directly — no IPC needed
  • Go has no fallback to file-based cert roots on macOS (GODEBUG=x509usefallbackroots=1 requires SetFallbackRoots() to be called by the program, SSL_CERT_FILE is ignored, CGO_ENABLED=0 doesn't help since Go uses purego syscalls not cgo)
  • This affects every Go binary that makes HTTPS connections — not just gh

Reproduction

# Inside Claude Code sandbox (default, no dangerouslyDisableSandbox):
gh api user
# → tls: failed to verify certificate: x509: OSStatus -26276

# Minimal Go program reproduces the same:
# tls.DialWithDialer(&net.Dialer{}, "tcp", "api.github.com:443", &tls.Config{})
# → same error

# Outside sandbox (dangerouslyDisableSandbox: true):
gh api user
# → works fine

Suggested Fix

Add com.apple.trustd to the allowed Mach service lookups in the macOS sandbox profile:

(allow mach-lookup (global-name "com.apple.trustd"))

Security Assessment

  • trustd is a read-only trust evaluation service — it validates certificate chains against the system trust store, checks OCSP revocation, and enforces CT policies
  • It cannot be used to install certificates, modify the trust store, or bypass certificate pinning
  • The sandbox already allows network connections to whitelisted hosts — blocking trustd doesn't prevent network access, it just prevents Go programs from doing it securely via TLS
  • The current behavior forces users to use dangerouslyDisableSandbox: true for every gh/terraform command, which removes all sandbox protections — allowing just trustd is strictly more secure

Environment

  • macOS Darwin 25.3.0 (arm64)
  • Claude Code (latest)
  • Go 1.25.3
  • gh 2.87.3
  • Confirmed the sandbox uses sandbox-exec (nested sandbox-exec fails with "Operation not permitted")

Affected Tools

Any Go binary making HTTPS calls, including:

  • gh (GitHub CLI)
  • terraform / tofu (infrastructure as code)
  • go toolchain itself (module downloads)
  • Custom Go services

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗