Module Name: src
Committed By: pooka
Date: Mon Feb 7 22:04:36 UTC 2011
Modified Files:
src/lib/librump: rump_sp.7
Log Message:
add some notes on access control
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/librump/rump_sp.7
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/librump/rump_sp.7
diff -u src/lib/librump/rump_sp.7:1.3 src/lib/librump/rump_sp.7:1.4
--- src/lib/librump/rump_sp.7:1.3 Tue Jan 25 14:05:43 2011
+++ src/lib/librump/rump_sp.7 Mon Feb 7 22:04:36 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: rump_sp.7,v 1.3 2011/01/25 14:05:43 pooka Exp $
+.\" $NetBSD: rump_sp.7,v 1.4 2011/02/07 22:04:36 pooka Exp $
.\"
.\" Copyright (c) 2010 Antti Kantee. All rights reserved.
.\"
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd December 16, 2010
+.Dd February 7, 2011
.Dt RUMP_SP 7
.Os
.Sh NAME
@@ -79,6 +79,16 @@
modifying the shell prompt is recommended -- this is analoguous
to the visual clue you have when you login from one machine to
another.
+.Ss Client credentials and access control
+The current scheme gives all connecting clients root credentials.
+It is recommended to take precautions which prevent unauthorized
+access.
+For a unix domain socket it is enough to prevent access to the
+socket using file system permissions.
+For TCP/IP sockets the only available means is to prevent network
+access to the socket with the use of firewalls.
+More fine-grained access control based on cryptographic credentials
+may be implemented at a future date.
.Sh EXAMPLES
Get a list of file systems supported by a rump kernel server
(in case that particular server does not support file systems,
