Diffstat (limited to 'Documentation/lei-security.pod')
-rw-r--r-- | Documentation/lei-security.pod | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod index 02305b90..e54cae90 100644 --- a/Documentation/lei-security.pod +++ b/Documentation/lei-security.pod @@ -4,7 +4,7 @@ lei - security information =head1 SYNOPSIS -L<lei(1)> is intended for use with both publicly-archived +L<lei(1)> is intended for use with both publicly archived and "private" mail in personal mailboxes. This document is intended to give an overview of security implications and lower^Wmanage user expectations. @@ -18,6 +18,9 @@ permissions support. It does not use POSIX ACLs, extended attributes, nor any other security-related functions which require non-standard Perl modules. +There is preliminary support for "virtual users", but it is +incomplete and undocumented. + =head1 INTERNAL FILES lei runs with a umask of 077 to prevent other users on the @@ -61,11 +64,17 @@ public-facing L<public-inbox-daemon(8)> processes. They may reside on shared storage and may be made world-readable to other users on the local system. +=head1 CORE DUMPS + +In case any process crashes, a core dump may contain passwords or +contents of sensitive messages. Please report these so they can be +fixed (see L</CONTACT>). + =head1 NETWORK ACCESS lei currently uses the L<curl(1)> and L<git(1)> executables in C<$PATH> for HTTP and HTTPS network access. Interactive -authentication for HTTP and HTTPS is not-yet-supported since all +authentication for HTTP and HTTPS is not yet supported since all currently supported HTTP/HTTPS sources are L<PublicInbox::WWW> instances. @@ -74,7 +83,7 @@ L<Net::NNTP> (standard library) is used for NNTP and NNTPS. L<Mail::IMAPClient> and L<Net::NNTP> will use L<IO::Socket::SSL> for TLS if available. In turn, L<IO::Socket::SSL> uses the -widely-installed OpenSSL library. +widely installed OpenSSL library. STARTTLS will be attempted if advertised by the server unless IMAPS or NNTPS are used. C<-c imap.starttls=0> 
@@ -93,7 +102,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP usernames and passwords. These passwords are not encrypted in memory and get transferred across processes via anonymous UNIX sockets and pipes. They may be exposed via syscall tracing -tools (e.g. L<strace(1)>). +tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks. While credentials are not written to the filesystem by default, it is possible for them to end up on disk if processes are |
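Review bot: In the hunk at @@ -18,6 +18,9 @@, the added sentence about "virtual users" calls the feature "incomplete and undocumented" but does not tell the reader what to do with that information. For a security document, state explicitly whether it is active by default and that it should not be relied on to isolate mail between users until it is documented; otherwise consider holding the mention back until then.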
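Review bot: In the new CORE DUMPS section (hunk at @@ -61,11 +64,17 @@), "Please report these" has an ambiguous antecedent: it can be read as asking users to send the core dumps themselves, which the preceding sentence says may contain passwords or contents of sensitive messages. Suggest wording such as "Please report such crashes (without attaching the core dump) so they can be fixed". The section also offers no mitigation; a sentence on disabling core dumps for the shell that starts lei (for example "ulimit -c 0") would give users something to act on.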
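Review bot: In the hunk at @@ -93,7 +102,7 @@, the amended sentence now reads "exposed via syscall tracing tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks", which is not parallel and lacks a conjunction. Suggest "tools (e.g. L<strace(1)>), or through kernel and hardware bugs or attacks". Since the following paragraph covers credentials ending up on disk, a cross-reference to the CORE DUMPS section added earlier in this patch would fit there.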