Fixes bug where allowed_peer_gids was populated from config but never checked during authorization, creating false sense of security. Changes: - authorizePeer() now checks GIDs in addition to UIDs - Peer authorized if UID OR GID matches allowlist - Debug logging shows which rule granted access (UID vs GID) - Full test coverage for GID-based authorization Security benefit: GID-based policies now actually enforced as administrators expect. Related to security audit 2025-11-07. Co-authored-by: Codex <codex@openai.com> |
||
|---|---|---|
| .. | ||
| hashpw | ||
| pulse | ||
| pulse-docker-agent | ||
| pulse-host-agent | ||
| pulse-sensor-proxy | ||