I see your point, probably it's right. We always have to sacrifice
something.

On Thu, Dec 8, 2011 at 10:13 PM, Nicholas Marriott <
nicholas.marri...@gmail.com> wrote:

> tmux is not a really security program.
>
> If someone has access to your account to do "tmux attach" the game is
> already over. They can ptrace tmux and undo the locking or on Linux play
> games with /proc.
>
> I am not particularly excited by the idea of giving everyone a false
> sense of security by adding some mickey mouse password prompt to tmux.
>
> To do it properly tmux would have to be setuid and that would be a much
> bigger potential security hole.
>
>
> On Thu, Dec 08, 2011 at 09:56:32PM +0400, Avatar wrote:
> >    Exactly. We are using tmux the same way with open connection to 200
> >    servers and don't want anybody to take one. That's the problem to
> solve.
> >    Could you improve it?
> >
> >    On Wed, Dec 7, 2011 at 7:16 PM, Sylvain Rabot
> >    <[1]sylvain.ra...@f-secure.com> wrote:
> >
> >      Hi,
> >      On Mon, 2010-08-23 at 20:32 +0100, Thomas Adam wrote:
> >      > [ Adding this back to the tmux mailing-list. *Don't cull the Cc
> list,
> >      > please! ]
> >      >
> >      > On Mon, Aug 23, 2010 at 04:07:51PM +0400, Avatar wrote:
> >      > > That means if I have working session can anybody take one from
> local
> >      server?
> >      > > Hmm, strange. But how can I make locked session at all so that
> >      nobody
> >      > > can take one without authorization?
> >      >
> >      > You'd have to do something like this:
> >      >
> >      > tmux -Lmypersonalserver
> >      >
> >      > ... and ensure for the socket created thereon, that you set the
> >      permissions
> >      > on it such that only you had access to it.
> >      >
> >      > Paranoia isn't healthy.
> >
> >      I'm sorry but I use would like to use tmux to handle lots of ssh
> >      connections and I don't think I'm paranoid when I want to prevent an
> >      attacker to gain access to all my servers because he gained access
> to my
> >      bouncer server and attached a tmux session. Without strong session
> >      locking tmux is unusable in a production environment.
> >
> >      >
> >      > -- Thomas Adam
> >      >
> >      --
> >      Sylvain Rabot <[2]sylvain.ra...@f-secure.com>
> >
> >    --
> >    Rgrds, Pavel Morozov
> >
> > References
> >
> >    Visible links
> >    1. mailto:sylvain.ra...@f-secure.com
> >    2. mailto:sylvain.ra...@f-secure.com
>
> >
> ------------------------------------------------------------------------------
> > Cloud Services Checklist: Pricing and Packaging Optimization
> > This white paper is intended to serve as a reference, checklist and
> point of
> > discussion for anyone considering optimizing the pricing and packaging
> model
> > of a cloud services business. Read Now!
> > http://www.accelacomm.com/jaw/sfnl/114/51491232/
>
> > _______________________________________________
> > tmux-users mailing list
> > tmux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/tmux-users
>
>


-- 
Rgrds, Pavel Morozov
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
tmux-users mailing list
tmux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tmux-users

Reply via email to