Mastodon Feed: Post

Mastodon Feed

Boosted by glyph ("Glyph"):
jonny@neuromatch.social ("jonny (good kind)") wrote:

FOR EXAMPLE:

In the claude code remote feature it is sometimes possible for the means of passing auth credentials to fail. So claude code has a fallback of writing the API key or OAUTH token to a single well-known file because sometimes one of the several means of inheriting the fucking most important secret information in the entire thing doesn't work.

I'm not a security person but that seems like a pretty bad thing to do that maybe someone should look into.

/** * Well-known token file locations in CCR. The Go environment-manager creates * /home/claude/.claude/remote/ and will (eventually) write these files too. * Until then, this module writes them on successful FD read so subprocesses * spawned inside the CCR container can find the token without inheriting * the FD — which they can't: pipe FDs don't cross tmux/shell boundaries. / const CCR_TOKEN_DIR = '/home/claude/.claude/remote' export const CCR_OAUTH_TOKEN_PATH = ${CCR_TOKEN_DIR}/.oauth_token export const CCR_API_KEY_PATH = ${CCR_TOKEN_DIR}/.api_key export const CCR_SESSION_INGRESS_TOKEN_PATH = ${CCR_TOKEN_DIR}/.session_ingress_token /* * Best-effort write of the token to a well-known location for subprocess * access. CCR-gated: outside CCR there's no /home/claude/ and no reason to * put a token on disk that the FD was meant to keep off disk. */ export function maybePersistTokenForSubprocesses( path: string, token: string, tokenName: string, ): void { if (!isEnvTruthy(process.env.CLAUDE_CODE_REMOTE)) { return } try { mkdirSync(CCR_TOKEN_DIR, { recursive: true, mode: 0o700 }) writeFileSync(path, token, { encoding: 'utf8', mode: 0o600 }) logForDebugging(Persisted ${tokenName} to ${path} for subprocess access) } catch (error) { logForDebugging( Failed to persist ${tokenName} to disk (non-fatal): ${errorMessage(error)}, { level: 'error' }, ) } }
/** * Fallback read from a well-known file. The path only exists in CCR (env-manager * creates the directory), so file-not-found is the expected outcome everywhere * else — treated as "no fallback", not an error. */ export function readTokenFromWellKnownFile( path: string, tokenName: string, ): string | null { try { const fsOps = getFsImplementation() const token = fsOps.readFileSync(path, { encoding: 'utf8' }).trim() if (!token) { return null } logForDebugging(Read ${tokenName} from well-known file ${path}) return token } catch (error) { // ENOENT is the expected outcome outside CCR — stay silent. Anything // else (EACCES from perm misconfig, etc.) is worth surfacing in the // debug log so subprocess auth failures aren't mysterious. if (!isENOENT(error)) { logForDebugging( Failed to read ${tokenName} from ${path}: ${errorMessage(error)}, { level: 'debug' }, ) } return null } }