A few months ago I noticed that even without `--dangerously-skip-permissions`, when Claude thought it was restricting itself to directory D, it was still happy to operate on file `D/../../../../etc/passwd`.
That was the last time I ran Claude Code outside of a Docker container.
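A path-confinement check that rejects the `D/../../../../etc/passwd` path from the comment above, shown beside a lexical prefix check that accepts it. This is an added example, not part of the thread and not Claude Code's implementation; the function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_is_inside(base: str, candidate: str) -> bool:
    """Lexical check (hypothetical): compares strings, never resolves '..' or symlinks."""
    return candidate.startswith(base.rstrip("/") + "/")


def resolved_is_inside(base: str, candidate: str) -> bool:
    """Resolve '..' and symlinks on both sides, then compare path components."""
    base_real = Path(base).resolve()
    cand_real = Path(candidate).resolve()  # non-strict: target need not exist
    return cand_real == base_real or base_real in cand_real.parents


def demo() -> dict:
    """Return {case: (naive_result, resolved_result)} for constructed paths."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        d = os.path.join(tmp, "D")  # the directory the tool is meant to stay in
        os.makedirs(os.path.join(d, "src"))
        # A symlink that lives inside D but points outside it.
        link = os.path.join(d, "link")
        os.symlink(tmp, link)
        cases = {
            "inside": os.path.join(d, "src", "main.py"),
            "dotdot": d + "/../../../../etc/passwd",
            "symlink": os.path.join(link, "outside.txt"),
        }
        for name, path in cases.items():
            results[name] = (naive_is_inside(d, path), resolved_is_inside(d, path))
    return results


if __name__ == "__main__":
    for name, (naive, resolved) in demo().items():
        print(f"{name:8} naive={naive!s:5} resolved={resolved}")
```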
You don't even need a container. Make claude a local user. Without sudo permission. It will be confined to damaging its own home directory only.
By "operate on" you mean that actually got through and it opened the file?
It will happily run bash commands, which expands its reach pretty widely. It's not limited to file operations, and can run system-wide commands with your user permissions.