From 60fae47c6e677b9f864ac7e51118cf41607fb45d Mon Sep 17 00:00:00 2001
From: Richard Feldman
Date: Sun, 8 Mar 2026 21:44:42 -0700
Subject: [PATCH] Escape paths in SBPL profile to prevent sandbox injection

Paths interpolated into the macOS Seatbelt SBPL profile were not escaped, allowing a crafted path containing double-quote characters to inject arbitrary SBPL rules and potentially disable the sandbox. Add sbpl_escape() which escapes backslash and double-quote characters in path strings before interpolation into SBPL literal and subpath forms.
---
 crates/terminal/src/sandbox_macos.rs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/crates/terminal/src/sandbox_macos.rs b/crates/terminal/src/sandbox_macos.rs
index 9a751676cf356b75069eed83e269024e08101bad..35ec29fffca07b840030d6cb208aa885d573421e 100644
--- a/crates/terminal/src/sandbox_macos.rs
+++ b/crates/terminal/src/sandbox_macos.rs
@@ -108,7 +108,11 @@ fn generate_sbpl_profile(config: &SandboxConfig) -> String {
     ] {
         let path = home.join(dotfile);
         if path.exists() {
-            let _ = write!(p, "(allow file-read* (literal \"{}\"))\n", path.display());
+            let _ = write!(
+                p,
+                "(allow file-read* (literal \"{}\"))\n",
+                sbpl_escape(&path)
+            );
         }
     }
     // XDG config directory
@@ -128,10 +132,17 @@ fn generate_sbpl_profile(config: &SandboxConfig) -> String {
     p
 }
 
+fn sbpl_escape(path: &Path) -> String {
+    path.display()
+        .to_string()
+        .replace('\\', "\\\\")
+        .replace('"', "\\\"")
+}
+
 fn write_subpath_rule(p: &mut String, path: &Path, permissions: &str) {
     let _ = write!(
         p,
         "(allow {permissions} (subpath \"{}\"))\n",
-        path.display()
+        sbpl_escape(path)
     );
 }
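Review bot: The escaping in this hunk covers only the dotfile `literal` rule, while `generate_sbpl_profile` continues past the `// XDG config directory` comment outside the hunk; any other site in that function (or elsewhere in the profile builder) that still interpolates a path via `path.display()` remains an SBPL injection point, so every remaining `write!` of a path should be audited to route through `sbpl_escape` as well. To keep future additions safe, a comment at the top of the function would help, e.g. `// Every path interpolated into the profile MUST go through sbpl_escape(); a raw path.display() re-opens the SBPL injection this guards against.` The loop header and the rest of the function lie outside the hunk.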
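Review bot: `sbpl_escape` goes through `path.display()`, which is lossy: on macOS a path is a byte string, and any non-UTF-8 component is replaced with U+FFFD before escaping, so the emitted rule names a path that does not exist and the real one is silently denied (fail-closed rather than an injection, but a hard-to-diagnose sandbox failure). Consider `path.to_str()` with an explicit error, or at least documenting the limitation; the function also lacks a doc comment and a test pinning the escapes, e.g. `/// Escape backslash and double-quote so the path can sit inside a double-quoted SBPL string literal; use for every path placed in the profile.` and `assert_eq!(sbpl_escape(Path::new(r#"a"b\c"#)), r#"a\"b\\c"#);`. Escaping `\` before `"` is the correct order, since the backslash introduced for the quote must not itself be doubled.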