circlecloud/tmux
1
0
Fork 0
mirror of https://github.com/tmux/tmux.git synced 2026-05-30 14:16:18 +00:00
Code Issues Projects Releases Wiki Activity

Tighten up read-only checks on attach-session, detach-client and

Browse Source 
switch-client so that a user should be able to only detach their own
client. Reported by John Walker.
This commit is contained in:
nicm
2026-05-22 15:22:43 +00:00
parent d45a9cad8c
commit 143a177055
3 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd-attach-session.c
View File

@@ -61,6 +61,7 @@ cmd_attach_session(struct cmdq_item *item, const char *tflag, int dflag,
struct window_pane *wp;
char *cwd, *cause;
enum msgtype msgtype;
uid_t uid;
if (RB_EMPTY(&sessions)) {
cmdq_error(item, "no sessions");
@@ -106,8 +107,16 @@ cmd_attach_session(struct cmdq_item *item, const char *tflag, int dflag,
}
if (fflag)
server_client_set_flags(c, fflag);
if (rflag)
if (rflag) {
if (c->flags & CLIENT_READONLY) {
uid = proc_get_peer_uid(c->peer);
if (uid != getuid()) {
cmdq_error(item, "client is read-only");
return (CMD_RETURN_ERROR);
}
}
c->flags |= (CLIENT_READONLY|CLIENT_IGNORESIZE);
}
c->last_session = c->session;
if (c->session != NULL) {