Re: lock session
Exactly. We are using tmux the same way with open connections to 200 servers and don't want anybody to take one. That's the problem to solve. Could you improve it?

On Wed, Dec 7, 2011 at 7:16 PM, Sylvain Rabot wrote:
> Hi,
>
> On Mon, 2010-08-23 at 20:32 +0100, Thomas Adam wrote:
> > [ Adding this back to the tmux mailing-list. Don't cull the Cc list,
> > please! ]
> >
> > On Mon, Aug 23, 2010 at 04:07:51PM +0400, Avatar wrote:
> > > That means if I have working session can anybody take one from local server?
> > > Hmm, strange. But how can I make locked session at all so that nobody
> > > can take one without authorization?
> >
> > You'd have to do something like this:
> >
> > tmux -Lmypersonalserver
> >
> > ... and ensure for the socket created thereon, that you set the permissions
> > on it such that only you had access to it.
> >
> > Paranoia isn't healthy.
>
> I'm sorry but I would like to use tmux to handle lots of ssh
> connections and I don't think I'm paranoid when I want to prevent an
> attacker from gaining access to all my servers because he gained access to my
> bouncer server and attached a tmux session. Without strong session
> locking tmux is unusable in a production environment.
>
> > -- Thomas Adam
>
> --
> Sylvain Rabot

--
Rgrds, Pavel Morozov

___
tmux-users mailing list
tmux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tmux-users
Re: lock session
I see your point, probably it's right. We always have to sacrifice something.

On Thu, Dec 8, 2011 at 10:13 PM, Nicholas Marriott <nicholas.marri...@gmail.com> wrote:
> tmux is not really a security program.
>
> If someone has access to your account to do "tmux attach" the game is
> already over. They can ptrace tmux and undo the locking or on Linux play
> games with /proc.
>
> I am not particularly excited by the idea of giving everyone a false
> sense of security by adding some mickey mouse password prompt to tmux.
>
> To do it properly tmux would have to be setuid and that would be a much
> bigger potential security hole.
>
> On Thu, Dec 08, 2011 at 09:56:32PM +0400, Avatar wrote:
> > Exactly. We are using tmux the same way with open connections to 200
> > servers and don't want anybody to take one. That's the problem to solve.
> > Could you improve it?

--
Rgrds, Pavel Morozov
Re: lock session
tmux is not really a security program.

If someone has access to your account to do "tmux attach" the game is already over. They can ptrace tmux and undo the locking or on Linux play games with /proc.

I am not particularly excited by the idea of giving everyone a false sense of security by adding some mickey mouse password prompt to tmux.

To do it properly tmux would have to be setuid and that would be a much bigger potential security hole.

On Thu, Dec 08, 2011 at 09:56:32PM +0400, Avatar wrote:
> Exactly. We are using tmux the same way with open connections to 200
> servers and don't want anybody to take one. That's the problem to solve.
> Could you improve it?
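
Added example, not part of any message in the thread: a shell audit of the permission advice quoted earlier (`tmux -Lmypersonalserver` plus a socket only you can access). It assumes the socket location used by current tmux (`$TMUX_TMPDIR` or `/tmp`, then `tmux-UID/NAME`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# tmux_socket_path [NAME]: path used by `tmux -L NAME`. Assumes the layout
# ${TMUX_TMPDIR:-/tmp}/tmux-UID/NAME, with NAME defaulting to "default".
tmux_socket_path() {
    printf '%s/tmux-%s/%s\n' "${TMUX_TMPDIR:-/tmp}" "$(id -u)" "${1:-default}"
}

# is_private PATH: succeed only if PATH is owned by the current uid and
# grants no permission bits at all to group or other.
is_private() {
    # ls -ldn prints e.g. "srwx------ 1 1000 1000 0 Dec  8 21:56 /tmp/..."
    info=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    [ "$(printf '%s' "$mode" | cut -c5-10)" = "------" ]
}

# audit_tmux_socket SOCKET: 0 = private, 1 = exposed, 2 = not a socket.
# The directory is checked as well as the socket: whoever can write to the
# directory can replace the socket file, and a socket can carry group bits
# even inside a private directory.
audit_tmux_socket() {
    sock=$1
    rc=0
    if [ ! -S "$sock" ]; then
        echo "FAIL $sock: not a socket"
        return 2
    fi
    for p in "$(dirname -- "$sock")" "$sock"; do
        if is_private "$p"; then
            echo "ok   $p"
        else
            echo "FAIL $p: wrong owner or open to group/other"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: audit_tmux_socket "$(tmux_socket_path mypersonalserver)"
```

A clean result only rules out other local accounts; as the last message in the thread says, anyone already running as your account can still attach.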