js · @anthropic-ai/claude-code · Heads-up
@anthropic-ai/claude-code /copy command writes to predictable world-readable path
What changed
The `/copy` command wrote responses to `/tmp/claude/response.md` without UID isolation, randomness, or symlink protection. The file was world-readable (0644) in a world-traversable directory (0755). Local users could read privileged responses or exploit a symlink attack to overwrite arbitrary files.
Who it affects
Users of @anthropic-ai/claude-code on shared systems where a local unprivileged user exists and a privileged user runs the `/copy` command.
What to do today
Update to the latest version of Claude Code. Users on auto-update are already fixed; manual updaters should update immediately.
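For anyone writing similar export-to-file features, the three properties the advisory says were missing (UID isolation, randomness, symlink protection) can be had from standard Node.js calls. The sketch below is an added example, not Claude Code's actual fix; the function names and the `copy-demo-` prefix are made up for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const { O_WRONLY, O_CREAT, O_EXCL } = fs.constants;
const O_NOFOLLOW = fs.constants.O_NOFOLLOW || 0; // not defined on Windows

// Unpredictable, owner-only directory: mkdtemp appends random characters
// and creates the directory with mode 0700.
function makePrivateDir(prefix = 'copy-demo-') { // hypothetical prefix
  return fs.mkdtempSync(path.join(os.tmpdir(), prefix));
}

// Create dir/name as a new 0600 file. O_EXCL fails with EEXIST if anything
// (including a symlink) already sits at that name; O_NOFOLLOW refuses to
// traverse a symlink in the final path component.
function writePrivateFile(dir, name, text) {
  const target = path.join(dir, name);
  const fd = fs.openSync(target, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0o600);
  try {
    fs.writeFileSync(fd, text);
  } finally {
    fs.closeSync(fd);
  }
  return target;
}

// Defensive check for an existing path: report the weaknesses the advisory
// describes (symlink, world access bits, owner other than the current user).
function auditPath(p) {
  const st = fs.lstatSync(p); // lstat: inspect the link itself, not its target
  if (st.isSymbolicLink()) return ['symlink'];
  const findings = [];
  if (st.mode & 0o004) findings.push('world-readable');
  if (st.mode & 0o002) findings.push('world-writable');
  if (typeof process.getuid === 'function' && st.uid !== process.getuid()) {
    findings.push('foreign-owner');
  }
  return findings;
}
```

`auditPath` can also be pointed at leftover files from an older install to see whether they carry the permissive modes described above.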