mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-11 04:43:59 +00:00
9aafa6449f
Implements proper least-privilege model for RPC methods. Previously,
any UID in allowed_peer_uids could call privileged methods, meaning
another service's UID would inherit full host-level control.
Capability System:
- Three levels: read, write, admin
- Per-UID capability assignment via allowed_peers config
- Privileged methods require admin capability
- Backwards compatible with legacy allowed_peer_uids format
Configuration:
allowed_peers:
- uid: 0
capabilities: [read, write, admin] # Root gets all
- uid: 1000
capabilities: [read] # Docker: read-only
- uid: 1001
capabilities: [read, write] # Temps but not key distribution
Security benefit: Services can be granted only the capabilities they
need, preventing unintended privilege escalation.
Related to security audit 2025-11-07.
Co-authored-by: Codex <codex@openai.com>
|
||
|---|---|---|
| .. | ||
| audit.go | ||
| audit_test.go | ||
| auth.go | ||
| auth_test.go | ||
| capabilities.go | ||
| cleanup.go | ||
| config.example.yaml | ||
| config.go | ||
| main.go | ||
| main_test.go | ||
| metrics.go | ||
| ssh.go | ||
| ssh_test.go | ||
| throttle.go | ||
| throttle_test.go | ||
| validation.go | ||
| validation_fuzz_test.go | ||
| validation_test.go | ||