summaryrefslogtreecommitdiff
path: root/design-documents
diff options
context:
space:
mode:
authorThien-Thi Nguyen <ttn@gnuvola.org>2021-01-11 00:18:27 -0500
committerThien-Thi Nguyen <ttn@gnuvola.org>2021-01-11 00:18:27 -0500
commit02a00c78cfae37e18c613d606ef24b92df927dc3 (patch)
tree595ab7539c2608fce0f95f3696eb7a6ac46e8441 /design-documents
parentf58e345828204e96339d9b50ad650d5236706b29 (diff)
downloaddocs-02a00c78cfae37e18c613d606ef24b92df927dc3.tar.gz
docs-02a00c78cfae37e18c613d606ef24b92df927dc3.tar.bz2
docs-02a00c78cfae37e18c613d606ef24b92df927dc3.zip
add subsection "Socket permission details"
This reflects the result of an email discussion between FD and CG.
Diffstat (limited to 'design-documents')
-rw-r--r--design-documents/010-exchange-helpers.rst6
1 files changed, 6 insertions, 0 deletions
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
index a299948..a304d8e 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
security module. The exchange's HTTP process will be required to interact
with those helpers via a UNIX domain socket.
+Socket permission details:
+
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+ still be ensured by the operator.
+
General design details:
* The helpers will process requests from the exchange to sign and revoke keys.