* [PATCH 1/9] doc: lei-security: some more updates
From: Eric Wong @ 2021-10-01 9:54 UTC
To: meta
Virtual users will probably be used for read-write IMAP/JMAP
support. The potential for various kernel/hardware bugs and
attacks also needs to be highlighted.
---
Documentation/lei-security.pod | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 02305b9055c2..8cbd89934568 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -18,6 +18,9 @@ permissions support.
It does not use POSIX ACLs, extended attributes, nor any other
security-related functions which require non-standard Perl modules.
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
+
=head1 INTERNAL FILES
lei runs with a umask of 077 to prevent other users on the
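Review bot: In the new paragraph ahead of "=head1 INTERNAL FILES", "virtual users" is introduced without saying what the term means for lei or how it relates to the permissions model described in the lines just above it. Because the text itself calls the feature incomplete and undocumented, a reader of this security manpage cannot tell whether it changes any of the stated assumptions. Consider adding one sentence on what a virtual user is here and whether it affects those assumptions, or hold the paragraph back until the feature is documented.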
@@ -93,7 +96,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
usernames and passwords. These passwords are not encrypted in
memory and get transferred across processes via anonymous UNIX
sockets and pipes. They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
While credentials are not written to the filesystem by default,
it is possible for them to end up on disk if processes are
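Review bot: The changed line "tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks." leaves the sentence as a list with no conjunction, so it reads as "exposed via syscall tracing tools, kernel and hardware bugs/attacks" and blurs an ordinary debugging tool with bugs and attacks. Suggest something like "tools (e.g. L<strace(1)>), or through kernel and hardware bugs or attacks." so the two exposure paths are clearly separate. Spelling out "bugs or attacks" instead of the slash would also match the prose style of the surrounding paragraph.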
* [PATCH 0/9] daemon-related things
From: Eric Wong @ 2021-10-01 9:54 UTC
To: meta
5/9 has been a long time coming, a few other small things, too.
The diff stat for lib/ alone shows a nice reduction.
Eric Wong (9):
  doc: lei-security: some more updates
  listener: switch to level-triggered epoll
  daemon: make SO_ACCEPTFILTER a shared variable
  ipc: run Net::SSLeay::randomize
  ds: simplify signalfd use
  inbox: inline and eliminate git_cleanup
  inbox: keep DB handles if git processes are live
  ds: inline set_cloexec
  doc: lei-daemon: new manpage
Documentation/lei-daemon.pod | 61 ++++++++++++++++
Documentation/lei-security.pod | 5 +-
Documentation/lei.pod | 9 ++-
Documentation/lei_design_notes.txt | 2 +-
MANIFEST | 1 +
Makefile.PL | 2 +-
lib/PublicInbox/ConfigIter.pm | 2 +-
lib/PublicInbox/DS.pm | 110 ++++++++++++++---------------
lib/PublicInbox/DSKQXS.pm | 10 +--
lib/PublicInbox/Daemon.pm | 20 ++----
lib/PublicInbox/ExtMsg.pm | 2 +-
lib/PublicInbox/ExtSearchIdx.pm | 12 +---
lib/PublicInbox/Gcf2Client.pm | 4 +-
lib/PublicInbox/Git.pm | 4 +-
lib/PublicInbox/IPC.pm | 5 +-
lib/PublicInbox/Inbox.pm | 41 +++++------
lib/PublicInbox/LEI.pm | 17 +----
lib/PublicInbox/Listener.pm | 5 +-
lib/PublicInbox/Qspawn.pm | 2 +-
lib/PublicInbox/Sigfd.pm | 10 +--
lib/PublicInbox/Syscall.pm | 12 ++--
lib/PublicInbox/Watch.pm | 3 +-
script/public-inbox-watch | 9 ---
t/dir_idle.t | 6 +-
t/ds-leak.t | 4 +-
t/httpd-corner.t | 4 +-
t/httpd-https.t | 6 +-
t/httpd.t | 6 +-
t/imapd-tls.t | 7 +-
t/imapd.t | 6 +-
t/nntpd-tls.t | 7 +-
t/nntpd.t | 2 +-
t/sigfd.t | 7 +-
t/watch_maildir.t | 2 +-
xt/mem-imapd-tls.t | 6 +-
xt/net_writer-imap.t | 2 +-
36 files changed, 221 insertions(+), 192 deletions(-)
create mode 100644 Documentation/lei-daemon.pod
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git