| author | Mattias Andrée <maandree@kth.se> | 2017-04-24 12:52:08 +0200 |
|---|---|---|
| committer | Mattias Andrée <maandree@kth.se> | 2017-04-24 12:52:08 +0200 |
| commit | f9d402451b2c4239721d8f70efbd7aeaa2857e8e | |
| tree | 2b95e4ce1153e17e05322c8bd4f94809bd51cdb5 | |
| parent | close_files: do not close the fd to the dir whilst reading | |
Update TODO with security features
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r-- | TODO | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -69,6 +69,31 @@ Need testing: vt colour +Security features: + The server should authenticate itself for the clients + This will require that the display server is not + identified by an index by instead by the PID + of the kernel, and that the master server passes + file descriptors to the kernel and let the kernel + sent its credentials to the client to prove that + it is the correct server. Sockets cannot be hijacked + so the server does not need to send its credentials + to the kernel + + Clients should send their credentials upon connection. + Sockets cannot be hijacked so the credentials are + valid forever. + + The server should insert the credentials of each client + a message pass through and why the the message passed + through that client, and whether the message was modified. + + Clients should be able to tell the server who is allowed + to see a message (all that can see are allowed to modify) + based on PID, UID, GID, the permissions, owner and + group of the executable, and the path of the executable, + and possibly other attributes. + Full introspection may be useful for debugging. |
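Review bot: the statement "Sockets cannot be hijacked so the credentials are valid forever" (second added paragraph) needs a caveat in the TODO, because the socket staying bound to one peer does not mean the peer's identity stays fixed: the process on the other end can exec a different executable, change its UID or GID, or hand the descriptor to another process, so credentials taken at connection time only describe the peer at that moment, and the design should say whether and when they are re-checked. The same applies to the access-control list in the fourth paragraph, where "the path of the executable" and its "permissions, owner and group" can change underneath a running client, so a note on whether these are snapshotted or re-read per message would help. The third paragraph, "The server should insert the credentials of each client a message pass through and why the the message passed through that client", is garbled; suggest "The server should insert the credentials of each client a message passes through, why the message passed through that client, and whether the message was modified." Minor wording in the first paragraph: "by an index by instead by the PID" should read "by an index but instead by the PID", and "let the kernel sent its credentials" should read "let the kernel send its credentials"; it would also help to state plainly that "the PID of the kernel" means the server's PID as known to the kernel, since the kernel itself has no PID.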