user/dev discussion of public-inbox itself
From: Eric Wong <>
Subject: [PATCH 1/9] doc: lei-security: some more updates
Date: Fri,  1 Oct 2021 09:54:37 +0000
Message-ID: <>
In-Reply-To: <>

Virtual users will probably be used for read-write IMAP/JMAP
support.  The potential for various kernel/hardware bugs and
attacks also needs to be highlighted.
 Documentation/lei-security.pod | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 02305b9055c2..8cbd89934568 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -18,6 +18,9 @@ permissions support.
 It does not use POSIX ACLs, extended attributes, nor any other
 security-related functions which require non-standard Perl modules.
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
 lei runs with a umask of 077 to prevent other users on the
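Review bot: The added sentence on "virtual users" tells readers of a security document that a feature exists but is "incomplete and undocumented", without saying what it is for or how it relates to the permissions model described in the lines just above it. The commit message ties it to read-write IMAP/JMAP support; consider saying that here too, and stating whether the current implementation can be relied on for any isolation between users, so that readers do not have to guess at its security properties.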
@@ -93,7 +96,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
 usernames and passwords.  These passwords are not encrypted in
 memory and get transferred across processes via anonymous UNIX
 sockets and pipes.  They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
 While credentials are not written to the filesystem by default,
 it is possible for them to end up on disk if processes are
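Review bot: In the changed line, "tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks." reads as a list with no conjunction, so it is unclear whether kernel and hardware bugs are a separate exposure path or a continuation of the tracing-tool examples. Something like "tools (e.g. L<strace(1)>), or through kernel and hardware bugs or attacks." would make that explicit. Since the paragraph already says the passwords are not encrypted in memory, it may also help to say that lei itself offers no protection against this class of exposure, so the reader knows this is a stated limitation rather than something still to be handled.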


Thread overview: 13+ messages
2021-10-01  9:54 [PATCH 0/9] daemon-related things Eric Wong
2021-10-01  9:54 ` Eric Wong [this message]
2021-10-01  9:54 ` [PATCH 2/9] listener: switch to level-triggered epoll Eric Wong
2021-10-01  9:54 ` [PATCH 3/9] daemon: make SO_ACCEPTFILTER a shared variable Eric Wong
2021-10-01  9:54 ` [PATCH 4/9] ipc: run Net::SSLeay::randomize Eric Wong
2021-10-01  9:54 ` [PATCH 5/9] ds: simplify signalfd use Eric Wong
2021-10-01  9:54 ` [PATCH 6/9] inbox: inline and eliminate git_cleanup Eric Wong
2021-10-01  9:54 ` [PATCH 7/9] inbox: keep DB handles if git processes are live Eric Wong
2021-10-01  9:54 ` [PATCH 8/9] ds: inline set_cloexec Eric Wong
2021-10-01  9:54 ` [PATCH 9/9] doc: lei-daemon: new manpage Eric Wong
2021-10-02  0:19   ` Kyle Meyer
2021-10-02  8:08     ` Eric Wong
2021-10-04  3:16       ` Kyle Meyer
