search

zolrath / wemux

Multi-User Tmux Made Easy
MIT License
3.63k stars 139 forks source link

Security issue: read-only can be bypassed #36

Closed jomo closed 10 years ago

jomo commented 10 years ago

as host: wemux start => creates new bash session

as client, access denied: wemux => attaches, cannot do anything: Client is read only

as client, bypassing read only: wemux send "any command here" => works. command will be sent to bash session

zolrath commented 10 years ago

https://github.com/zolrath/wemux/commit/971f8c375263f9dd8853f676e3331782c4fbdfdc fixes this! Thank you very much for the report, sorry for the delay!

jomo commented 10 years ago

thanks :)