doc: lei-security: some more updates

author Eric Wong <e@80x24.org>

Fri, 1 Oct 2021 09:54:37 +0000 (09:54 +0000)

committer Eric Wong <e@80x24.org>

Fri, 1 Oct 2021 12:06:28 +0000 (12:06 +0000)
author Eric Wong <e@80x24.org>
Fri, 1 Oct 2021 09:54:37 +0000 (09:54 +0000)
committer Eric Wong <e@80x24.org>
Fri, 1 Oct 2021 12:06:28 +0000 (12:06 +0000)
diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod

index 02305b9055c2898cac88d5fa6b80ca0fe94e6f9e..8cbd8993456893b776087c7f68087f38c4243961 100644 (file)
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -18,6 +18,9 @@ permissions support.
  It does not use POSIX ACLs, extended attributes, nor any other
  security-related functions which require non-standard Perl modules.
  
+There is preliminary support for "virtual users", but it is
+incomplete and undocumented.
+
  =head1 INTERNAL FILES
  
  lei runs with a umask of 077 to prevent other users on the
@@ -93,7 +96,7 @@ lei uses L<git-credential(1)> to prompt users for IMAP and NNTP
  usernames and passwords.  These passwords are not encrypted in
  memory and get transferred across processes via anonymous UNIX
  sockets and pipes.  They may be exposed via syscall tracing
-tools (e.g. L<strace(1)>).
+tools (e.g. L<strace(1)>), kernel and hardware bugs/attacks.
  
  While credentials are not written to the filesystem by default,
  it is possible for them to end up on disk if processes are
author	Eric Wong <e@80x24.org>
	Fri, 1 Oct 2021 09:54:37 +0000 (09:54 +0000)
committer	Eric Wong <e@80x24.org>
	Fri, 1 Oct 2021 12:06:28 +0000 (12:06 +0000)