Socket access control: process ancestry check (#58)
* Socket access control: process ancestry check + file permissions Redesign socket control modes from (off, notifications, full) to (off, cmuxOnly, allowAll): - cmuxOnly (default): uses LOCAL_PEERPID + sysctl process tree walk to verify the connecting process is a descendant of cmux. External processes (SSH, other terminals) are rejected. - allowAll: hidden mode accessible only via CMUX_SOCKET_MODE=allowAll env var, skips ancestry check. Legacy "full"/"notifications" env values map here for backward compat. - off: disables socket entirely. Security hardening: - Server: chmod 0600 on socket after bind (owner-only access) - CLI: stat() ownership check before connect (reject fake sockets) Removes per-command allow-list (isCommandAllowed) — once a process passes the ancestry check, all commands are available. Includes migration for persisted UserDefaults values and env var aliases (cmux_only, cmux-only, allow_all, allow-all). * Add /sync-branch skill for submodule + main sync
This commit is contained in:
Lawrence Chen
GitHub
parent
60978d4d8b
commit
51a67e31fd
8 changed files with 577 additions and 85 deletions
38
.claude/commands/sync-branch.md
Normal file
38
.claude/commands/sync-branch.md
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
# Sync Branch
|
||||
|
||||
Get the current branch ready: update all submodules to their latest remote main, merge from main, and push.
|
||||
|
||||
## Steps
|
||||
|
||||
1. **Update submodules to latest**
|
||||
- For each submodule (ghostty, homebrew-cmux, vendor/bonsplit):
|
||||
- `cd <submodule>`
|
||||
- `git fetch origin`
|
||||
- Check if behind: `git rev-list HEAD..origin/main --count`
|
||||
- If behind, merge: `git merge origin/main --no-edit`
|
||||
- For ghostty specifically, push the merge to the fork: `git push origin HEAD:main`
|
||||
- Verify with: `git merge-base --is-ancestor HEAD origin/main`
|
||||
- Go back to repo root
|
||||
|
||||
2. **Commit submodule updates on main**
|
||||
- `git checkout main && git pull origin main`
|
||||
- Check if any submodules changed: `git diff --name-only` (look for submodule paths)
|
||||
- If changed, stage and commit: `git add ghostty homebrew-cmux vendor/bonsplit && git commit -m "Update submodules: <brief description>"`
|
||||
- Push main: `git push origin main`
|
||||
|
||||
3. **Rebase current branch on main**
|
||||
- `git checkout <original-branch>`
|
||||
- `git rebase main`
|
||||
- If conflicts, resolve them and continue
|
||||
- Force push if branch was already pushed: `git push --force-with-lease origin <branch>`
|
||||
|
||||
4. **Report status**
|
||||
- Show what submodules were updated and by how many commits
|
||||
- Show if rebase was clean or had conflicts
|
||||
- Show current branch and commit
|
||||
|
||||
## Notes
|
||||
|
||||
- Never commit a submodule pointer in the parent repo unless the submodule commit is reachable from the submodule's remote main (per CLAUDE.md pitfall about orphaned commits)
|
||||
- If no submodules need updating and main has no new commits, just say "Already up to date"
|
||||
- If on main already, skip step 3
|
||||
Loading…
Add table
Add a link
Reference in a new issue