[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-docs] branch master updated (f58e345 -> be4b567)

From: gnunet
Subject: [taler-docs] branch master updated (f58e345 -> be4b567)
Date: Mon, 11 Jan 2021 06:27:03 +0100

This is an automated email from the git hooks/post-receive script.

ttn pushed a change to branch master
in repository docs.

    from f58e345  taler-auditor(1): add opts ‘-c’, ‘-L’, ‘-l’, ‘-T’, ‘-v’
     new 02a00c7  add subsection "Socket permission details"
     new be4b567  mention socket perms and same-group requirement

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

Summary of changes:
 design-documents/010-exchange-helpers.rst | 6 ++++++
 taler-exchange-manual.rst                 | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/design-documents/010-exchange-helpers.rst 
index a299948..a304d8e 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect 
a software
 security module.  The exchange's HTTP process will be required to interact
 with those helpers via a UNIX domain socket.
+Socket permission details:
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+  still be ensured by the operator.
 General design details:
 * The helpers will process requests from the exchange to sign and revoke keys.
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index 2d47671..79a3bdf 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -234,6 +234,9 @@ integration support.
+The UNIX domain sockets have mode 0620 (u+rw, g+w).  The exchange process
+MUST be in the same group as the the crypto helper processes.
 The two helper processes will create the required private keys, and allow
 anyone with access to the UNIX domain socket to sign arbitrary messages with
 the keys or to inform them about a key being revoked.  The helper processes

To stop receiving notification emails like this one, please contact

reply via email to

[Prev in Thread] Current Thread [Next in Thread]