about summary refs log tree commit homepage
path: root/Documentation
diff options
authorEric Wong <e@80x24.org>2021-10-01 09:54:37 +0000
committerEric Wong <e@80x24.org>2021-10-01 12:06:28 +0000
commit8234b8bb76c3ec98466435ab0c84301ae9788ca0 (patch)
tree41bf8a607086b2bad7a6cb17217e2d15de312803 /Documentation
parentaf774d3bb0d728f2f37c418b8c3e215f1d4d860f (diff)
Virtual users will probably be used for read-write IMAP/JMAP
support.  The potential for various kernel/hardware bugs and
attacks also needs to be highlighted.
Diffstat (limited to 'Documentation')
1 files changed, 4 insertions, 1 deletions
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 02305b90..8cbd8993 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -18,6 +18,9 @@ permissions support.
 It does not use POSIX ACLs, extended attributes, nor any other
 security-related functions which require non-standard Perl modules.
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
 lei runs with a umask of 077 to prevent other users on the
@@ -93,7 +96,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
 usernames and passwords.  These passwords are not encrypted in
 memory and get transferred across processes via anonymous UNIX
 sockets and pipes.  They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
 While credentials are not written to the filesystem by default,
 it is possible for them to end up on disk if processes are