[BUG] Execution of Deny permissions in settings.json
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
I spent some time testing the sandbox and permissions and I was able to break the configuration a few times. I'm researching minimum and recommended guidelines.
Issue 1 - Unexpected execution of unapproved Bash command
Deny: Bash all
Allow: echo
Allow: mkdir
I was able to execute env successfully and see my environment key.
Other overlapping denies resulted in successful execution of Bash commands.
However, Deny: Bash Allow: Echo
Resulted in denied execution.
An additional allow rule resulted in execution of all Bash commands.
Issue 2 - Sneaky execution of denied Bash command
Deny: Bash(env)
Deny: Bash(printenv)
"create a file named check_env with no extension with the following contents:
#!/bin/bash
env | sort
Run the commands:
chmod +x check_env
./check_env"
"run check_env"
Resulted in successful execution.
What Should Happen?
The documentation under configuring permissions states that deny results take precedence over allow and ask rules. https://code.claude.com/docs/en/iam#configuring-permissions
Error Messages/Logs
Steps to Reproduce
Step 1: Configure settings as follows settings.local.json
Step 2: Create .env file with any environment key and value.
Step 3: Load the environment variable. I used this. session-start.sh
Step 4:
run the bash command echo 123
⏺ I'll run the bash command to echo 123.
⏺ Bash(echo 123) ⎿ 123
⏺ The command output 123 as expected.
run mkdir new-directory
⏺ I'll create a directory called "new-directory".
⏺ Bash(mkdir new-directory) ⎿ (No content)
⏺ The directory "new-directory" has been created successfully.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
2.0.50 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Works on both latest version of Sonnet and Haiku.
Sorry I posted by mistake before I could get all my inputs and logs. I'll be happy to re-perform steps to provide if needed.
Found 2 possible duplicate issues:
- https://github.com/anthropics/claude-code/issues/8961
- https://github.com/anthropics/claude-code/issues/11662
This issue will be automatically closed as a duplicate in 3 days.
- If your issue is a duplicate, please close it and 👍 the existing issue instead
- To prevent auto-closure, add a comment or 👎 this comment
🤖 Generated with Claude Code
this is incredibly offtopic, but that is one cool looking terminal
hey, i noticed that your "allow" config has a syntax error, so the entire settings config is failing. To view the sandbox status, please use /sandbox - i think this should fix your issue
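A pre-flight check for the failure mode raised in the last comment, as an added example that is not part of the thread or of Claude Code: it reports a settings file that does not parse, rule strings that are malformed, and allow rules that sit under a blanket deny for the same tool. The `permissions.allow` / `deny` / `ask` layout, the rule regex, the function name `lint_settings` and the sample documents are assumptions made for illustration; the reporter's actual file is not shown on the page.

```python
import json
import re

# Assumed rule shape: a tool name, optionally followed by a parenthesised
# specifier, e.g. "Bash" or "Bash(env)". An approximation, not the real parser.
RULE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\(.+\))?$")
LISTS = ("allow", "deny", "ask")

def lint_settings(text):
    """Return a list of problems found in a settings JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A file that does not parse contributes no rules at all, deny included.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    perms = doc.get("permissions")
    if not isinstance(perms, dict):
        return ["'permissions' is missing or not an object"]
    problems, seen = [], {name: [] for name in LISTS}
    for name in LISTS:
        rules = perms.get(name, [])
        if not isinstance(rules, list):
            problems.append(f"permissions.{name} is not a list")
            continue
        for i, rule in enumerate(rules):
            if isinstance(rule, str) and RULE_RE.match(rule):
                seen[name].append(rule)
            else:
                problems.append(f"permissions.{name}[{i}]: malformed rule {rule!r}")
    # A bare tool name under deny covers the whole tool; with deny taking
    # precedence, any allow rule for that tool should never take effect.
    blanket = {r for r in seen["deny"] if "(" not in r}
    for rule in seen["allow"]:
        tool = rule.split("(", 1)[0]
        if tool in blanket:
            problems.append(f"allow rule {rule!r} is shadowed by blanket deny {tool!r}")
    return problems

# Constructed samples (not the reporter's file).
GOOD = '{"permissions": {"deny": ["Bash(env)", "Bash(printenv)"], "allow": ["Bash(echo:*)"]}}'
BAD_JSON = '{"permissions": {"deny": ["Bash"], "allow": ["Bash(echo:*)" "Bash(mkdir:*)"]}}'
BAD_RULE = '{"permissions": {"deny": ["Bash"], "allow": ["Bash(echo", "Bash(mkdir:*)"]}}'

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad json", BAD_JSON), ("bad rule", BAD_RULE)):
        print(label, "->", lint_settings(sample) or "ok")
```

Running a check like this before a session makes a broken settings file visible up front instead of surfacing as deny rules that appear to be ignored.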