Diffstat (limited to 'Documentation/lei-security.pod')
-rw-r--r-- Documentation/lei-security.pod 17
1 files changed, 13 insertions, 4 deletions
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 02305b90..e54cae90 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -4,7 +4,7 @@ lei - security information
 
 =head1 SYNOPSIS
 
-L<lei(1)> is intended for use with both publicly-archived
+L<lei(1)> is intended for use with both publicly archived
 and "private" mail in personal mailboxes.  This document is
 intended to give an overview of security implications and
 lower^Wmanage user expectations.
@@ -18,6 +18,9 @@ permissions support.
 It does not use POSIX ACLs, extended attributes, nor any other
 security-related functions which require non-standard Perl modules.
 
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
+
 =head1 INTERNAL FILES
 
 lei runs with a umask of 077 to prevent other users on the
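Review bot: The added "virtual users" paragraph says the support is incomplete and undocumented but not what that means for security. In a document whose stated purpose is to manage user expectations, say whether the feature can be relied on to separate users at all, for example by adding that it must not be relied on for isolation if that is the case, or leave the mention out until the feature is documented.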
@@ -61,11 +64,17 @@ public-facing L<public-inbox-daemon(8)> processes.  They may
 reside on shared storage and may be made world-readable to
 other users on the local system.
 
+=head1 CORE DUMPS
+
+In case any process crashes, a core dump may contain passwords or
+contents of sensitive messages.  Please report these so they can be
+fixed (see L</CONTACT>).
+
 =head1 NETWORK ACCESS
 
 lei currently uses the L<curl(1)> and L<git(1)> executables in
 C<$PATH> for HTTP and HTTPS network access.  Interactive
-authentication for HTTP and HTTPS is not-yet-supported since all
+authentication for HTTP and HTTPS is not yet supported since all
 currently supported HTTP/HTTPS sources are L<PublicInbox::WWW>
 instances.
 
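Review bot: In the new CORE DUMPS section, "Please report these" is ambiguous between the crashes and the core dumps, and the sentence before it says a dump may contain passwords or contents of sensitive messages. Reword to "Please report crashes" and tell readers not to attach the core file itself. The section also gives the reader nothing to act on locally, such as where dumps may end up or that they can be disabled; one sentence on that would fit here.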
@@ -74,7 +83,7 @@ L<Net::NNTP> (standard library) is used for NNTP and NNTPS.
 
 L<Mail::IMAPClient> and L<Net::NNTP> will use L<IO::Socket::SSL>
 for TLS if available.  In turn, L<IO::Socket::SSL> uses the
-widely-installed OpenSSL library.
+widely installed OpenSSL library.
 
 STARTTLS will be attempted if advertised by the server
 unless IMAPS or NNTPS are used.  C<-c imap.starttls=0>
@@ -93,7 +102,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
 usernames and passwords.  These passwords are not encrypted in
 memory and get transferred across processes via anonymous UNIX
 sockets and pipes.  They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
 
 While credentials are not written to the filesystem by default,
 it is possible for them to end up on disk if processes are
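Review bot: The reworded line "tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks." leaves the list after "exposed via" without a conjunction, and "bugs/attacks" reads as shorthand. Suggest "tools (e.g. L<strace(1)>), or through kernel and hardware bugs or attacks." so the sentence parses and the two kinds of exposure are clearly separate.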