X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=Documentation%2Flei-security.pod;h=104bfb48a26cd4ffb5493ae02d8638a3f99f675c;hb=1c3d7bd75e2c6f84bd511a17838fa9113c98578c;hp=02305b9055c2898cac88d5fa6b80ca0fe94e6f9e;hpb=3b23743ec90a4cb67dbc0b8bd94cc342c78e7a67;p=public-inbox.git diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod index 02305b90..104bfb48 100644 --- a/Documentation/lei-security.pod +++ b/Documentation/lei-security.pod @@ -18,6 +18,9 @@ permissions support. It does not use POSIX ACLs, extended attributes, nor any other security-related functions which require non-standard Perl modules. +There is preliminary support for "virtual users", but it is +incomplete and undocumented. + =head1 INTERNAL FILES lei runs with a umask of 077 to prevent other users on the @@ -61,6 +64,12 @@ public-facing L processes. They may reside on shared storage and may be made world-readable to other users on the local system. +=head1 CORE DUMPS + +In case any process crashes, a core dumps may contain passwords or +contents of sensitive messages. Please report these so they can be +fixed (see L). + =head1 NETWORK ACCESS lei currently uses the L and L executables in @@ -93,7 +102,7 @@ lei uses L to prompt users for IMAP and NNTP usernames and passwords. These passwords are not encrypted in memory and get transferred across processes via anonymous UNIX sockets and pipes. They may be exposed via syscall tracing -tools (e.g. L). +tools (e.g. L), kernel and hardware bugs/attacks. While credentials are not written to the filesystem by default, it is possible for them to end up on disk if processes are
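Review bot: The "virtual users" sentence added in the @@ -18,6 +18,9 @@ hunk tells the reader that a feature exists, but not whether it changes the Unix-permissions model the preceding paragraph describes. On a security page, "incomplete and undocumented" leaves the reader unable to judge exposure. Either state whether it is enabled by default and whether it should be relied on for isolation between users, or hold the mention until the feature is documented.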
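Review bot: In the new CORE DUMPS section (@@ -61,6 +64,12 @@ hunk), "a core dumps" should be "a core dump", and "Please report these so they can be fixed" is ambiguous. "These" can be read as the core dumps themselves, which the same sentence says may contain passwords or the contents of sensitive messages. Suggest wording that asks for a report of the crash and says explicitly not to attach the core dump unredacted. Consider also adding a sentence on how users can limit exposure, for example by disabling core dumps for lei processes or restricting where they are written.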
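Review bot: In the @@ -93,7 +102,7 @@ hunk, the extended list "syscall tracing tools (e.g. L), kernel and hardware bugs/attacks" has no conjunction and places tools and bug classes in one series, so it reads as if kernel and hardware bugs were examples of tracing tools. Suggest "may be exposed via syscall tracing tools, or through kernel and hardware bugs or attacks", keeping the existing e.g. link attached to the tracing tools only.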