diff --git a/SECURITY.md b/SECURITY.md index 94b4d79b..814612e0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -23,13 +23,27 @@ If your local system is infected to an extent where malicious programs can modif file system and other installed programs like X-Pipe, then there is no technical way of preventing malicious programs to also infect X-Pipe and the connected systems as well. -Any underlying remote connection command-line program should be secure. -If for example your SSH connection is susceptible to MITM attacks, or +## Reliance on other programs + +X-Pipe essentially outsources any form of connection and shell handling to your existing command-line tools. +It does not come with any remote handling capabilities of its own. +Therefore, any used command-line program should be secure. +If for example your `ssh` command-line program or its connections are susceptible to MITM attacks or vulnerable in any other way, there is no way for X-Pipe to keep the sensitive information secure. -As X-Pipe completely outsources any connection handling to your command-line tools, -it is your responsibility to keep them up to date with security patches and more. +It is your responsibility to use the programs in a secure environment and keep them up to date with security patches and +more. X-Pipe can only be as secure as your underlying command-line tools itself. +X-Pipe calls these programs almost exactly as you would do manually in your terminal +with some a few additional parameters to automatically pass login information +and adapt the environment to make it work properly. +The called program therefore automatically uses your +system configuration for it, e.g. your system SSH configs. + +X-Pipe does not perform any validation or version checking for the programs it calls. +For example, when establishing an ssh connection through X-Pipe, it will straight up call `ssh user@host `. +It is assumed that this `ssh` executable is secure and the one that you actually want to use. + ## Data security and privacy The general approach of X-Pipe can be summarized as follows: @@ -64,7 +78,8 @@ If the program runs on your local system, the data does not leave your local sys If login information is required on a remote system, then that data must be transferred to that remote system. In case a program accepts password input via stdin, this process is relatively straightforward. -Then the passed sensitive information is just written into the stdin of the program and does not show up in any history or file system. +Then the passed sensitive information is just written into the stdin of the program and does not show up in any history +or file system. When a program only accepts password input via an environment variable or an askpass program, a self deleting password supplier script file is generated by X-Pipe.