[BUG] File permission deny rules not enforced on Windows native version with Git Bash (works correctly on WSL)
Resolved 💬 2 comments Opened Jul 29, 2025 by qn1btd Closed Aug 6, 2025
Environment
- Claude CLI version: 1.0.62
- Operating System: Windows 11 (native with Git Bash) and WSL Ubuntu
- Terminal: Windows Terminal
Bug Description
File permission deny rules configured in ~/.claude/settings.json are not being enforced when running Claude Code natively on Windows. The same settings configuration works correctly when running Claude Code through WSL, properly denying access to protected files like .env.
Steps to Reproduce
- Create ~/.claude/settings.json with the following content:
{
"permissions": {
"deny": [
"Read(**/.env*)",
"Read(**/*.pem)",
"Read(**/*.key)",
"Read(/secrets/)",
"Read(/credentials/)"
]
}
}
- Create a .env file in a project directory with sensitive content (e.g., API keys)
- Run Claude Code natively on Windows: claude
- Ask Claude to read the .env file using the Read tool
- Repeat steps 3-4 using Claude Code through WSL
Expected Behavior
Claude Code should refuse to read the .env file and return an error message indicating that access to this file is denied by the permissions configuration on both Windows native and WSL.
Actual Behavior
- Windows Native: Claude Code successfully reads the entire contents of the .env file, exposing all sensitive API keys and secrets
- WSL: Claude Code correctly denies access with an appropriate error message (working as expected)
Additional Context
- The exact same settings.json file is used in both environments
- This suggests a Windows-specific issue with path matching or permission checking
- The vulnerability exposes sensitive data including API keys, webhooks, and other credentials
- This is a security vulnerability as it bypasses intended access controls on Windows systems
- The hooks settings in the settings.json are being applied properly
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗