From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 1/9] doc: lei-security: some more updates
Date: Fri, 1 Oct 2021 09:54:37 +0000 [thread overview]
Message-ID: <20211001095445.9326-2-e@80x24.org> (raw)
In-Reply-To: <20211001095445.9326-1-e@80x24.org>
Virtual users will probably be used for read-write IMAP/JMAP
support. The potential for various kernel/hardware bugs and
attacks also needs to be highlighted.
---
Documentation/lei-security.pod | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 02305b9055c2..8cbd89934568 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -18,6 +18,9 @@ permissions support.
It does not use POSIX ACLs, extended attributes, nor any other
security-related functions which require non-standard Perl modules.
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
+
=head1 INTERNAL FILES
lei runs with a umask of 077 to prevent other users on the
@@ -93,7 +96,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
usernames and passwords. These passwords are not encrypted in
memory and get transferred across processes via anonymous UNIX
sockets and pipes. They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
While credentials are not written to the filesystem by default,
it is possible for them to end up on disk if processes are
next prev parent reply other threads:[~2021-10-01 9:54 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-01 9:54 [PATCH 0/9] daemon-related things Eric Wong
2021-10-01 9:54 ` Eric Wong [this message]
2021-10-01 9:54 ` [PATCH 2/9] listener: switch to level-triggered epoll Eric Wong
2021-10-01 9:54 ` [PATCH 3/9] daemon: make SO_ACCEPTFILTER a shared variable Eric Wong
2021-10-01 9:54 ` [PATCH 4/9] ipc: run Net::SSLeay::randomize Eric Wong
2021-10-01 9:54 ` [PATCH 5/9] ds: simplify signalfd use Eric Wong
2021-10-01 9:54 ` [PATCH 6/9] inbox: inline and eliminate git_cleanup Eric Wong
2021-10-01 9:54 ` [PATCH 7/9] inbox: keep DB handles if git processes are live Eric Wong
2021-10-01 9:54 ` [PATCH 8/9] ds: inline set_cloexec Eric Wong
2021-10-01 9:54 ` [PATCH 9/9] doc: lei-daemon: new manpage Eric Wong
2021-10-02 0:19 ` Kyle Meyer
2021-10-02 8:08 ` Eric Wong
2021-10-04 3:16 ` Kyle Meyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211001095445.9326-2-e@80x24.org \
--to=e@80x24.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).