marketing-shibata50/cmux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cmux/GhosttyTabsUITests/AutomationSocketUITests.swift
Lawrence Chen 51a67e31fd
Socket access control: process ancestry check (#58) 
* Socket access control: process ancestry check + file permissions

Redesign socket control modes from (off, notifications, full) to
(off, cmuxOnly, allowAll):

- cmuxOnly (default): uses LOCAL_PEERPID + sysctl process tree walk to
  verify the connecting process is a descendant of cmux. External
  processes (SSH, other terminals) are rejected.
- allowAll: hidden mode accessible only via CMUX_SOCKET_MODE=allowAll
  env var, skips ancestry check. Legacy "full"/"notifications" env
  values map here for backward compat.
- off: disables socket entirely.

Security hardening:
- Server: chmod 0600 on socket after bind (owner-only access)
- CLI: stat() ownership check before connect (reject fake sockets)

Removes per-command allow-list (isCommandAllowed) — once a process
passes the ancestry check, all commands are available.

Includes migration for persisted UserDefaults values and env var
aliases (cmux_only, cmux-only, allow_all, allow-all).

* Add /sync-branch skill for submodule + main sync
2026-02-18 01:09:24 -08:00

112 lines
3.7 KiB
Swift
Raw Blame History

import XCTest
import Foundation
final class AutomationSocketUITests: XCTestCase {
private var socketPath = ""
private let defaultsDomain = "com.cmuxterm.app.debug"
private let modeKey = "socketControlMode"
private let legacyKey = "socketControlEnabled"
override func setUp() {
super.setUp()
continueAfterFailure = false
socketPath = "/tmp/cmux-debug-\(UUID().uuidString).sock"
resetSocketDefaults()
removeSocketFile()
}
func testSocketToggleDisablesAndEnables() {
let app = XCUIApplication()
app.launchArguments += ["-\(modeKey)", "cmuxOnly"]
app.launchEnvironment["CMUX_SOCKET_PATH"] = socketPath
app.launch()
app.activate()
guard let resolvedPath = resolveSocketPath(timeout: 5.0) else {
XCTFail("Expected control socket to exist")
return
}
socketPath = resolvedPath
XCTAssertTrue(waitForSocket(exists: true, timeout: 2.0))
app.terminate()
}
func testSocketDisabledWhenSettingOff() {
let app = XCUIApplication()
app.launchArguments += ["-\(modeKey)", "off"]
app.launchEnvironment["CMUX_SOCKET_PATH"] = socketPath
app.launch()
app.activate()
XCTAssertTrue(waitForSocket(exists: false, timeout: 3.0))
app.terminate()
}
private func waitForSocket(exists: Bool, timeout: TimeInterval) -> Bool {
let deadline = Date().addingTimeInterval(timeout)
while Date() < deadline {
if FileManager.default.fileExists(atPath: socketPath) == exists {
return true
}
RunLoop.current.run(until: Date().addingTimeInterval(0.05))
}
return FileManager.default.fileExists(atPath: socketPath) == exists
}
private func resolveSocketPath(timeout: TimeInterval) -> String? {
let deadline = Date().addingTimeInterval(timeout)
while Date() < deadline {
if FileManager.default.fileExists(atPath: socketPath) {
return socketPath
}
if let found = findSocketInTmp() {
return found
}
RunLoop.current.run(until: Date().addingTimeInterval(0.05))
}
if FileManager.default.fileExists(atPath: socketPath) {
return socketPath
}
return findSocketInTmp()
}
private func findSocketInTmp() -> String? {
let tmpPath = "/tmp"
guard let entries = try? FileManager.default.contentsOfDirectory(atPath: tmpPath) else {
return nil
}
let matches = entries.filter { $0.hasPrefix("cmux") && $0.hasSuffix(".sock") }
if let debug = matches.first(where: { $0.contains("debug") }) {
return (tmpPath as NSString).appendingPathComponent(debug)
}
if let first = matches.first {
return (tmpPath as NSString).appendingPathComponent(first)
}
return nil
}
private func resetSocketDefaults() {
let process = Process()
process.executableURL = URL(fileURLWithPath: "/usr/bin/defaults")
process.arguments = ["delete", defaultsDomain, modeKey]
do {
try process.run()
process.waitUntilExit()
} catch {
return
}
let legacy = Process()
legacy.executableURL = URL(fileURLWithPath: "/usr/bin/defaults")
legacy.arguments = ["delete", defaultsDomain, legacyKey]
do {
try legacy.run()
legacy.waitUntilExit()
} catch {
return
}
}
private func removeSocketFile() {
try? FileManager.default.removeItem(atPath: socketPath)
}
}
Reference in a new issue View git blame Copy permalink