marketing-shibata50/cmux

Fork 0

Commit graph

Author	SHA1	Message	Date
Lawrence Chen	ea87076fe4	Fix CLI exit code on v1 auth errors	2026-02-22 01:37:42 -08:00
Lawrence Chen	a205028b2e	Strengthen socket access integration coverage Make tests/test_socket_access.py deterministic across environments and add password-mode auth integration checks (v1 and v2).	2026-02-22 01:08:25 -08:00
Lawrence Chen	51a67e31fd	Socket access control: process ancestry check (#58 ) * Socket access control: process ancestry check + file permissions Redesign socket control modes from (off, notifications, full) to (off, cmuxOnly, allowAll): - cmuxOnly (default): uses LOCAL_PEERPID + sysctl process tree walk to verify the connecting process is a descendant of cmux. External processes (SSH, other terminals) are rejected. - allowAll: hidden mode accessible only via CMUX_SOCKET_MODE=allowAll env var, skips ancestry check. Legacy "full"/"notifications" env values map here for backward compat. - off: disables socket entirely. Security hardening: - Server: chmod 0600 on socket after bind (owner-only access) - CLI: stat() ownership check before connect (reject fake sockets) Removes per-command allow-list (isCommandAllowed) — once a process passes the ancestry check, all commands are available. Includes migration for persisted UserDefaults values and env var aliases (cmux_only, cmux-only, allow_all, allow-all). * Add /sync-branch skill for submodule + main sync	2026-02-18 01:09:24 -08:00

Author

SHA1

Message

Date

Lawrence Chen

ea87076fe4

Fix CLI exit code on v1 auth errors

2026-02-22 01:37:42 -08:00

Lawrence Chen

a205028b2e

Strengthen socket access integration coverage

Make tests/test_socket_access.py deterministic across environments and add password-mode auth integration checks (v1 and v2).

2026-02-22 01:08:25 -08:00

Lawrence Chen

51a67e31fd

Socket access control: process ancestry check (#58 )

* Socket access control: process ancestry check + file permissions

Redesign socket control modes from (off, notifications, full) to
(off, cmuxOnly, allowAll):

- cmuxOnly (default): uses LOCAL_PEERPID + sysctl process tree walk to
  verify the connecting process is a descendant of cmux. External
  processes (SSH, other terminals) are rejected.
- allowAll: hidden mode accessible only via CMUX_SOCKET_MODE=allowAll
  env var, skips ancestry check. Legacy "full"/"notifications" env
  values map here for backward compat.
- off: disables socket entirely.

Security hardening:
- Server: chmod 0600 on socket after bind (owner-only access)
- CLI: stat() ownership check before connect (reject fake sockets)

Removes per-command allow-list (isCommandAllowed) — once a process
passes the ancestry check, all commands are available.

Includes migration for persisted UserDefaults values and env var
aliases (cmux_only, cmux-only, allow_all, allow-all).

* Add /sync-branch skill for submodule + main sync

2026-02-18 01:09:24 -08:00

3 commits