Pulse

vrr/Pulse

Fork 0

mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 19:41:17 +00:00

Commit graph

Author	SHA1	Message	Date
rcourtman	734cebb4dc	feat(security): Implement GID authorization enforcement Fixes bug where allowed_peer_gids was populated from config but never checked during authorization, creating false sense of security. Changes: - authorizePeer() now checks GIDs in addition to UIDs - Peer authorized if UID OR GID matches allowlist - Debug logging shows which rule granted access (UID vs GID) - Full test coverage for GID-based authorization Security benefit: GID-based policies now actually enforced as administrators expect. Related to security audit 2025-11-07. Co-authored-by: Codex <codex@openai.com>	2025-11-07 17:09:16 +00:00
rcourtman	e4c3b06f14	Automate sensor proxy container mount and auth	2025-10-14 12:41:48 +00:00

Author

SHA1

Message

Date

rcourtman

734cebb4dc

feat(security): Implement GID authorization enforcement

Fixes bug where allowed_peer_gids was populated from config but never
checked during authorization, creating false sense of security.

Changes:
- authorizePeer() now checks GIDs in addition to UIDs
- Peer authorized if UID OR GID matches allowlist
- Debug logging shows which rule granted access (UID vs GID)
- Full test coverage for GID-based authorization

Security benefit: GID-based policies now actually enforced as
administrators expect.

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>

2025-11-07 17:09:16 +00:00

rcourtman

e4c3b06f14

Automate sensor proxy container mount and auth

2025-10-14 12:41:48 +00:00

2 commits