fix(security): add session key auth to TUI mode TCP listener #207
Closed
Mike-7777777 wants to merge 1 commit into
The session key authentication introduced in psmux#5 was only applied to server (detached) mode. TUI (interactive) mode accepted TCP commands without authentication, allowing any local process to execute arbitrary commands via new-window, split-window, or source-file.

This commit mirrors the server mode auth pattern in app.rs:
- Generate a random session key at TUI startup (server/mod.rs:334-342)
- Store it on AppState so keybindings using send_control_to_port() can authenticate back to the TCP listener (server/mod.rs:344)
- Write the key to ~/.psmux/<session>.key (server/mod.rs:348-349)
- Apply Windows file permission hardening (server/mod.rs:357-366)
- Require AUTH <key> as the first line of every TCP connection, reject unauthenticated or invalid connections (server/connection.rs:38-57)

Fixes psmux#206

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
d19dd4e to 7df5feb
psmux (Owner) added a commit that referenced this pull request, Apr 26, 2026
…imination

Named Buffers (-b name):
- set-buffer -b name, show-buffer -b name, delete-buffer -b name, paste-buffer -b name
- Independent HashMap storage separate from positional buffer stack
- list-buffers shows both positional and named buffers
- Format variables (buffer_name, buffer_size, buffer_sample) support named buffer override

libtmux Native API Compatibility:
- Handle \ session ID targets (e.g. -t \) — treat as current session
- Handle @n window ID targets via FocusWindowById/FocusWindowByIdTemp
- list-panes -t @n now correctly lists panes of the targeted window
- list-windows -t \ works (session ID ignored, uses current session)
- Enables libtmux Server.sessions, .windows, .panes to work natively

PR #207 Workaround Elimination (all 6 workarounds proven unnecessary):
- WA1: list-sessions -F format flag works correctly
- WA2: Concatenated -Fformat syntax works
- WA3: has-session with = prefix for exact matching
- WA4: Environment variable propagation via set-environment
- WA5: Named buffers for concurrent buffer operations
- WA6: Bracketed paste mode support

Tests:
- 22 Rust unit tests for named buffers
- 11 Rust unit tests for PR207 compat
- 12 E2E PowerShell tests for named buffers
- 22 E2E PowerShell tests for PR207 compat
- 26 E2E workaround elimination tests
- 33 Python tests (25 subprocess + 8 libtmux native API)
Summary
Adds session key authentication to the TUI (interactive) mode TCP control listener, which was missed when auth was introduced for server (detached) mode in #5.
Fixes #206
What Changed
src/app.rs — single file, 53 lines added:
- server/mod.rs:334-342
- AppState (used by keybinding send_control_to_port() calls): server/mod.rs:344
- ~/.psmux/<session>.key: server/mod.rs:348-349
- #[cfg(windows)] file permission hardening: server/mod.rs:357-366
- AUTH <key> on every TCP connection; reject invalid/missing auth: server/connection.rs:38-57

Every change directly mirrors existing server mode code. No new patterns introduced.
Why
The TCP listener in TUI mode accepted commands like new-window and split-window (which spawn arbitrary processes) without authentication. Any local process that could read the .port file could execute commands as the psmux user. See #206 for full analysis, PoC, and scope.
Test plan
- cargo check — zero errors, zero warnings
- cargo test — 2568 tests passed, 0 failed (7 test suites)
- psmux in TUI mode → verify ~/.psmux/<session>.key is created
- psmux send-keys from another terminal → works (client reads .key, sends AUTH)

🤖 Generated with Claude Code
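The first-line `AUTH <key>` check described above, as an added Rust example that is not code from this PR or from psmux. `check_auth_line`, `ct_eq` and `MAX_AUTH_LINE` are hypothetical names, and the 256-byte line cap and the constant-time comparison are assumptions the PR text does not state.

```rust
use std::io::{self, BufRead, Read};

// Assumption: cap on the first line so an unauthenticated peer cannot
// make the listener buffer unbounded input.
const MAX_AUTH_LINE: u64 = 256;

/// Byte comparison with no early exit on the first mismatching byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Hypothetical helper: true only if the connection's first line is
/// exactly `AUTH <key>` for the expected session key.
fn check_auth_line<R: BufRead>(conn: &mut R, expected_key: &str) -> bool {
    if expected_key.is_empty() {
        return false; // never accept an empty key as a valid secret
    }
    let mut line = String::new();
    if conn.by_ref().take(MAX_AUTH_LINE).read_line(&mut line).is_err() {
        return false; // I/O error or non-UTF-8 bytes: reject
    }
    if !line.ends_with('\n') {
        return false; // missing, truncated or oversized first line
    }
    match line.trim_end_matches(|c: char| c == '\r' || c == '\n').strip_prefix("AUTH ") {
        Some(presented) => ct_eq(presented.as_bytes(), expected_key.as_bytes()),
        None => false, // first line is a command, not AUTH
    }
}

fn main() {
    // Constructed sample key and inputs, not values from psmux.
    let key = "constructed-sample-key";
    let cases: [&[u8]; 4] = [
        b"AUTH constructed-sample-key\nnew-window\n",
        b"new-window\n",
        b"AUTH wrong-key\nnew-window\n",
        b"AUTH \n",
    ];
    for input in cases.iter() {
        let mut conn = io::Cursor::new(*input);
        let ok = check_auth_line(&mut conn, key);
        println!("{:?} -> accepted={}", String::from_utf8_lossy(input), ok);
    }
}
```

Only the first line is consumed, so after a successful check the same reader is positioned at the first command.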