left4me

History

mwiegand 1df811e62a spec(hardening): threat model + defenses survey + test plan; pivot handoff Reframe the queued uid-split decision into a broader hardening analysis. Audit found the same-uid attack surface (DB readable from srcds, ptrace allowed, RCON stored plaintext) is closable by either uid split or systemd directive composition; the three specs ground that choice in a threat model, survey the defenses, and lay out a self-contained test plan to run on left4.me next. uid-split spec deferred pending results. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 13:07:40 +02:00
..
plans	spec(deploy-dir-rethink): plan + mark adjacent specs resolved	2026-05-15 12:05:53 +02:00
specs	spec(hardening): threat model + defenses survey + test plan; pivot handoff	2026-05-15 13:07:40 +02:00

spec(hardening): threat model + defenses survey + test plan; pivot handoff

Reframe the queued uid-split decision into a broader hardening analysis.
Audit found the same-uid attack surface (DB readable from srcds, ptrace
allowed, RCON stored plaintext) is closable by either uid split or
systemd directive composition; the three specs ground that choice in a
threat model, survey the defenses, and lay out a self-contained test
plan to run on left4.me next. uid-split spec deferred pending results.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-15 13:07:40 +02:00

plans

spec(deploy-dir-rethink): plan + mark adjacent specs resolved

2026-05-15 12:05:53 +02:00

specs

spec(hardening): threat model + defenses survey + test plan; pivot handoff

2026-05-15 13:07:40 +02:00