Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/librump add some notes on access control
details: https://anonhg.NetBSD.org/src/rev/ab82dae0ff2a
branches: trunk
changeset: 761791:ab82dae0ff2a
user: pooka <pooka%NetBSD.org@localhost>
date: Mon Feb 07 22:04:36 2011 +0000
description:
add some notes on access control
diffstat:
lib/librump/rump_sp.7 | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diffs (35 lines):
diff -r 81131c1a1bd5 -r ab82dae0ff2a lib/librump/rump_sp.7
--- a/lib/librump/rump_sp.7 Mon Feb 07 21:39:47 2011 +0000
+++ b/lib/librump/rump_sp.7 Mon Feb 07 22:04:36 2011 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: rump_sp.7,v 1.3 2011/01/25 14:05:43 pooka Exp $
+.\" $NetBSD: rump_sp.7,v 1.4 2011/02/07 22:04:36 pooka Exp $
.\"
.\" Copyright (c) 2010 Antti Kantee. All rights reserved.
.\"
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd December 16, 2010
+.Dd February 7, 2011
.Dt RUMP_SP 7
.Os
.Sh NAME
@@ -79,6 +79,16 @@
modifying the shell prompt is recommended -- this is analoguous
to the visual clue you have when you login from one machine to
another.
+.Ss Client credentials and access control
+The current scheme gives all connecting clients root credentials.
+It is recommended to take precautions which prevent unauthorized
+access.
+For a unix domain socket it is enough to prevent access to the
+socket using file system permissions.
+For TCP/IP sockets the only available means is to prevent network
+access to the socket with the use of firewalls.
+More fine-grained access control based on cryptographic credentials
+may be implemented at a future date.
.Sh EXAMPLES
Get a list of file systems supported by a rump kernel server
(in case that particular server does not support file systems,
Home |
Main Index |
Thread Index |
Old Index