feat(security): block mounting home and system directories as workspace

2026-04-15 08:40:50 +02:00 · 2026-04-15 08:40:50 +02:00 · 65ac4c7011
commit 65ac4c7011
parent 3401fa38a5
1 changed files with 37 additions and 1 deletions
--- a/claude.sh
+++ b/claude.sh
@ -44,8 +44,44 @@ load_env() {

 # ─── Workspace volume resolution ──────────────────────────────────────────────
 # Mounts the current working directory as /workspace inside the container.
+# Refuses to mount the home directory or system directories.
 workspace_flag() {
-    echo "--volume $(pwd):/workspace:z"
+    local cwd
+    cwd="$(pwd)"
+
+    # Exact-match blocklist — mounting these exposes too much of the host
+    local -a exact_blocked=(
+        /
+        "$HOME"
+        /root
+        /home
+    )
+
+    # Prefix blocklist — these and any subdirectory are system internals
+    local -a prefix_blocked=(
+        /bin /sbin /lib /lib64
+        /etc /usr /var
+        /proc /sys /dev
+        /boot /run
+    )
+
+    for dir in "${exact_blocked[@]}"; do
+        if [[ "$cwd" == "$dir" ]]; then
+            error "Refusing to mount $cwd as workspace — too broad."
+            error "cd into a project subdirectory first."
+            exit 1
+        fi
+    done
+
+    for dir in "${prefix_blocked[@]}"; do
+        if [[ "$cwd" == "$dir" || "$cwd" == "$dir/"* ]]; then
+            error "Refusing to mount $cwd as workspace — system directory."
+            error "cd into a project subdirectory first."
+            exit 1
+        fi
+    done
+
+    echo "--volume ${cwd}:/workspace:z"
 }

 # ─── Compose wrapper ──────────────────────────────────────────────────────────