# Secure MCP Shell Configuration
# This configuration uses the secure execution model: commands are started
# without a shell, which prevents command injection through shell
# metacharacters. That setting alone does not restrict the arguments handed to
# an allowed executable, so the allowlist below is the control that matters.
security:
  # Enable security features
  enabled: true

  # Use secure execution (disable shell interpretation)
  # This prevents command injection through shell metacharacters
  use_shell_execution: false

  # Allowed executables - only these commands can be executed.
  # Use absolute paths for maximum security, or command names for PATH lookup.
  # A bare name is resolved through the PATH of the server process, so which
  # binary runs depends on that environment; an absolute path pins it.
  # NOTE(review): this file shows no per-argument or per-path restriction, so
  # the file readers (cat, grep, head, tail) can presumably read anything the
  # executing user can read - confirm against the server implementation.
  # NOTE(review): some entries (for example find and git) can start other
  # programs through their own options; keep them only if that is acceptable.
  allowed_executables:
    - "ls"
    - "pwd"
    - "whoami"
    - "date"
    - "echo"
    - "cat"
    - "grep"
    - "find"
    - "wc"
    - "head"
    - "tail"
    - "sort"
    - "uniq"
    - "/usr/bin/git"
    # Interpreter: it runs whatever program text it is given, so allowing it
    # means this allowlist no longer bounds what can execute. Remove it unless
    # the arguments come from a trusted source.
    - "/usr/bin/python3"
    # Shell binary: allowing it brings shell interpretation back through the
    # arguments, even though use_shell_execution is false.
    - "/bin/bash"  # Only allow if you trust the arguments

  # Legacy settings (deprecated but kept for backwards compatibility)
  # These are ignored when use_shell_execution is false, so the blocklists
  # cannot serve as a compensating control in this mode.
  allowed_commands: []
  blocked_commands: []
  blocked_patterns: []

  # Execution limits
  max_execution_time: "30s"
  max_output_size: 1048576  # 1MB (1024 * 1024; presumably bytes - confirm)

  # Security context
  # /tmp is normally a shared, world-writable directory; a dedicated directory
  # owned by the service account avoids interference from other local users.
  working_directory: "/tmp"
  # Leave empty to run as current user. Commands then run with the privileges
  # of the server process, so start the server under an unprivileged account.
  run_as_user: ""

  # Logging
  # NOTE(review): the log destination and whether command arguments are
  # recorded are not configured in this file - confirm before relying on the
  # audit trail for investigations.
  audit_log: true