>> bash actually has a "restricted" mode ...
> Does that work? I've never seen it used. It seems easy to escape.
Yes, it does work for its intended purpose. It has often been used in combination with chroot[0] as well.
> The docs seem to suggest using alternate approaches.
>> Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.
These approaches are not mutually exclusive with restricted shell use. For example, one could use FreeBSD jails to secure Apache httpd and/or Nginx and still employ a restricted shell to evaluate requests.
0 - https://man.freebsd.org/cgi/man.cgi?query=chroot&apropos=0&s...
I'm seeing a ton of restricted mode escapes documented online, like https://0xffsec.com/handbook/shells/restricted-shells/ so I'm not so sure. When basic utilities like less, man, and awk can run subshells it's quite a mess.
Bash restricted mode needing a chroot may suggest that Claude also needs a chroot (or restricted file permissions, jail, etc).