tmux is not a really security program. If someone has access to your account to do "tmux attach" the game is already over. They can ptrace tmux and undo the locking or on Linux play games with /proc.
I am not particularly excited by the idea of giving everyone a false sense of security by adding some mickey mouse password prompt to tmux. To do it properly tmux would have to be setuid and that would be a much bigger potential security hole. On Thu, Dec 08, 2011 at 09:56:32PM +0400, Avatar wrote: > Exactly. We are using tmux the same way with open connection to 200 > servers and don't want anybody to take one. That's the problem to solve. > Could you improve it? > > On Wed, Dec 7, 2011 at 7:16 PM, Sylvain Rabot > <[1]sylvain.ra...@f-secure.com> wrote: > > Hi, > On Mon, 2010-08-23 at 20:32 +0100, Thomas Adam wrote: > > [ Adding this back to the tmux mailing-list. *Don't cull the Cc list, > > please! ] > > > > On Mon, Aug 23, 2010 at 04:07:51PM +0400, Avatar wrote: > > > That means if I have working session can anybody take one from local > server? > > > Hmm, strange. But how can I make locked session at all so that > nobody > > > can take one without authorization? > > > > You'd have to do something like this: > > > > tmux -Lmypersonalserver > > > > ... and ensure for the socket created thereon, that you set the > permissions > > on it such that only you had access to it. > > > > Paranoia isn't healthy. > > I'm sorry but I use would like to use tmux to handle lots of ssh > connections and I don't think I'm paranoid when I want to prevent an > attacker to gain access to all my servers because he gained access to my > bouncer server and attached a tmux session. Without strong session > locking tmux is unusable in a production environment. > > > > > -- Thomas Adam > > > -- > Sylvain Rabot <[2]sylvain.ra...@f-secure.com> > > -- > Rgrds, Pavel Morozov > > References > > Visible links > 1. mailto:sylvain.ra...@f-secure.com > 2. mailto:sylvain.ra...@f-secure.com > ------------------------------------------------------------------------------ > Cloud Services Checklist: Pricing and Packaging Optimization > This white paper is intended to serve as a reference, checklist and point of > discussion for anyone considering optimizing the pricing and packaging model > of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > _______________________________________________ > tmux-users mailing list > tmux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tmux-users ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ tmux-users mailing list tmux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tmux-users
