From be4b567666c0f05a68be01ec20b2e81212a32a2f Mon Sep 17 00:00:00 2001 From: Thien-Thi Nguyen Date: Mon, 11 Jan 2021 00:24:30 -0500 Subject: mention socket perms and same-group requirement This reflects the result of an email discussion between FD and CG. --- taler-exchange-manual.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'taler-exchange-manual.rst') diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst index 2d476711..79a3bdf0 100644 --- a/taler-exchange-manual.rst +++ b/taler-exchange-manual.rst @@ -234,6 +234,9 @@ integration support. Functionality ^^^^^^^^^^^^^ +The UNIX domain sockets have mode 0620 (u+rw, g+w). The exchange process +MUST be in the same group as the the crypto helper processes. + The two helper processes will create the required private keys, and allow anyone with access to the UNIX domain socket to sign arbitrary messages with the keys or to inform them about a key being revoked. The helper processes -- cgit v1.2.3