From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id BADCF1F934 for ; Fri, 1 Oct 2021 09:54:45 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 1/9] doc: lei-security: some more updates Date: Fri, 1 Oct 2021 09:54:37 +0000 Message-Id: <20211001095445.9326-2-e@80x24.org> In-Reply-To: <20211001095445.9326-1-e@80x24.org> References: <20211001095445.9326-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Virtual users will probably be used for read-write IMAP/JMAP support. The potential for various kernel/hardware bugs and attacks also needs to be highlighted. --- Documentation/lei-security.pod | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod index 02305b9055c2..8cbd89934568 100644 --- a/Documentation/lei-security.pod +++ b/Documentation/lei-security.pod @@ -18,6 +18,9 @@ permissions support. It does not use POSIX ACLs, extended attributes, nor any other security-related functions which require non-standard Perl modules. +There is preliminary support for "virtual users", but it is +incomplete and undocumented. + =head1 INTERNAL FILES lei runs with a umask of 077 to prevent other users on the @@ -93,7 +96,7 @@ lei uses L to prompt users for IMAP and NNTP usernames and passwords. These passwords are not encrypted in memory and get transferred across processes via anonymous UNIX sockets and pipes. They may be exposed via syscall tracing -tools (e.g. L). +tools (e.g. L), kernel and hardware bugs/attacks. While credentials are not written to the filesystem by default, it is possible for them to end up on disk if processes are
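Review bot: In the hunk at @@ -18,6 +18,9 @@, the new paragraph "There is preliminary support for "virtual users", but it is incomplete and undocumented." does not say how virtual users relate to the Unix-permission model described in the paragraph directly above it. On a security page, a reader needs to know whether an incomplete feature can be relied on for isolation. Consider adding a sentence saying whether virtual users are separated by anything beyond the standard permissions already described, and that the feature should not be treated as a security boundary while it is incomplete. The commit message says virtual users "will probably be used for read-write IMAP/JMAP support"; that intended use would also be worth a clause in the POD itself, since the commit message is not visible to readers of the manpage.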
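Review bot: In the hunk at @@ -93,7 +96,7 @@, the changed line "tools (e.g. L), kernel and hardware bugs/attacks." makes the sentence read as "exposed via syscall tracing tools ..., kernel and hardware bugs/attacks", a list with no conjunction that mixes tools with bug classes. Suggest something like "tools (e.g. ...), as well as by kernel and hardware bugs or attacks" so the two exposure paths are clearly separate. The commit message says these risks need to be "highlighted", but a trailing clause is easy to miss. A sentence of its own stating that in-memory, unencrypted passwords are exposed to anything that can read process memory or the socket/pipe traffic would make the point more visible and give users something to act on.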