Fatal Security Issue #15

maltefiala · 2013-05-11T00:14:37Z

If multiple users are logged in on the same server forwarding the same port, files opened via rmate get sent to the user who logged in first.

sorbits · 2013-05-11T03:05:27Z

If you use rmate with a system that other people login to, you should change the default port and check that setting up the tunnel was succesful before calling ‘rmate’.

While still vulnerable for receiving other peoples’ files, this isn’t something I plan to address, as it is not enabled by default.

You are welcome to submit a pull request that will address the issue. I guess the simplest approach would be to introduce a shared secret that would have to be entered in TextMate and ‘rmate’ would prompt for, if not found among the provided settings.

On May 11, 2013, at 7:14, malte notifications@github.com wrote:

If multiple users are logged in on the same server forwarding the same port, files opened via rmate get sent to the user who logged in first.

—

Reply to this email directly or view it on GitHub.

sorbits closed this as completed May 11, 2013

This was referenced Jun 5, 2015

Security issue: rmate window of a colleague appears on my screen #32

Closed

Added an option to connect through a UNIX socket #38

Closed

randy3k mentioned this issue Jul 18, 2016

Multiple users randy3k/remote-atom#32

Closed

randy3k mentioned this issue Nov 30, 2016

Files opening on different computer on same network randy3k/remote-atom#37

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fatal Security Issue #15

Fatal Security Issue #15

maltefiala commented May 11, 2013

sorbits commented May 11, 2013

Fatal Security Issue #15

Fatal Security Issue #15

Comments

maltefiala commented May 11, 2013

sorbits commented May 11, 2013