From f9d402451b2c4239721d8f70efbd7aeaa2857e8e Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Mon, 24 Apr 2017 12:52:08 +0200 Subject: Update TODO with security features MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- TODO | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/TODO b/TODO index 0a0f0c6..676994d 100644 --- a/TODO +++ b/TODO @@ -69,6 +69,31 @@ Need testing: vt colour +Security features: + The server should authenticate itself for the clients + This will require that the display server is not + identified by an index by instead by the PID + of the kernel, and that the master server passes + file descriptors to the kernel and let the kernel + sent its credentials to the client to prove that + it is the correct server. Sockets cannot be hijacked + so the server does not need to send its credentials + to the kernel + + Clients should send their credentials upon connection. + Sockets cannot be hijacked so the credentials are + valid forever. + + The server should insert the credentials of each client + a message pass through and why the the message passed + through that client, and whether the message was modified. + + Clients should be able to tell the server who is allowed + to see a message (all that can see are allowed to modify) + based on PID, UID, GID, the permissions, owner and + group of the executable, and the path of the executable, + and possibly other attributes. + Full introspection may be useful for debugging. -- cgit v1.2.3-70-g09d2