Is your feature request related to a problem? Please describe.
Any Windows application running under the current user session can freely read and write the entire WSL filesystem via \wsl$\ with no prompt, no warning, and no way to block it per-app. This means a malicious or compromised Windows app can silently attack sensitive files like SSH keys, .env files, and credentials stored inside WSL
Describe the solution you'd like
A Windows-level permission system for WSL filesystem access, similar to how Windows already does with Camera, Microphone, and Location. Specifically:
A toggle in Windows Security / Privacy & Security settings to control which apps can access the WSL filesystem
Untrusted or unrecognized apps should prompt the user before being allowed to read or write \wsl$\
Describe alternatives you've considered
Controlled Folder Access — only blocks writes, not reads. Does not fully address the threat.
Disabling automount in wsl.conf — only restricts Linux-side access to Windows drives, not the other way around.
Additional context
As WSL adoption grows among developers who store secrets and credentials inside their Linux environment, the lack of any access boundary between the Windows session and the WSL filesystem is a real security gap. Developers expect that files inside their Linux home directory are isolated from arbitrary Windows processes, but currently they are not.
Is your feature request related to a problem? Please describe.
Any Windows application running under the current user session can freely read and write the entire WSL filesystem via \wsl$\ with no prompt, no warning, and no way to block it per-app. This means a malicious or compromised Windows app can silently attack sensitive files like SSH keys, .env files, and credentials stored inside WSL
Describe the solution you'd like
A Windows-level permission system for WSL filesystem access, similar to how Windows already does with Camera, Microphone, and Location. Specifically:
A toggle in Windows Security / Privacy & Security settings to control which apps can access the WSL filesystem
Untrusted or unrecognized apps should prompt the user before being allowed to read or write \wsl$\
Describe alternatives you've considered
Controlled Folder Access — only blocks writes, not reads. Does not fully address the threat.
Disabling automount in wsl.conf — only restricts Linux-side access to Windows drives, not the other way around.
Additional context
As WSL adoption grows among developers who store secrets and credentials inside their Linux environment, the lack of any access boundary between the Windows session and the WSL filesystem is a real security gap. Developers expect that files inside their Linux home directory are isolated from arbitrary Windows processes, but currently they are not.