Security Permissions Bypass in Bash File Access Restrictions
Bug Description
Bug Report: Claude Code Security Permissions Bypass
Summary:
Security permissions configured in .claude/settings.json can be
bypassed when using indirect file access through Bash
commands, allowing access to restricted files that should be
denied.
Steps to Reproduce:
- Configure .claude/settings.json with deny permissions:
{
"permissions": {
"deny": [
"Read(appsettings)",
"Edit(appsettings)",
"Write(appsettings)",
"Bash(appsettings)"
]
}
}
- Attempt direct file access using Read tool - correctly
denied
- Use indirect Bash commands that access the same restricted
files:
- find /path -name "*.json" -exec grep -l "pattern" {} \;
- grep -A5 -B2 "pattern" /path/to/appsettings.json
Expected Behavior:
All Bash commands accessing files matching the appsettings
pattern should be blocked according to the
"Bash(appsettings)" rule.
Actual Behavior:
Bash commands successfully execute and return content from
restricted files, bypassing the security permissions.
Security Impact:
This allows Claude to access sensitive configuration files
(like database connections, API keys, etc.) that users
explicitly intended to restrict, potentially exposing
confidential information.
Environment:
- Claude Code CLI
- Model: claude-opus-4-1-20250805
- Platform: macOS (Darwin 24.6.0)
Environment Info
- Platform: darwin
- Terminal: tmux
- Version: 1.0.83
- Feedback ID: 2ba205a2-08b0-49b8-8b5b-29c6ab956cd5
This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗