DONE

Research auth schemes

Result

Use bcrypt, gryphon is too HTTP-centric and scrypt too new.

Sources

• whether to use symmetric or asymmetric auth:
  • consider classic bcrypt or script
  • http://ed25519.cr.yp.to/
  • check Gryphon (which uses Ed25519) too much about HTTP
    • about oauth2/firefox accounts and gryphon: http://seanmonstar.com/post/87709828215/firefox-accounts-oauth-explorations
    • about nacl The security impact of a new cryptographic library
  • about bcrypt rounds and scrypt in OpenBSD http://marc.info/?l=openbsd-tech&m=129249447809163&w=2
  • about bcrypt over scrypt for passwords
  • bcrypt implementation speed bcrypt
  • research bcrypt random seed weakness in different implementations:
    • https://github.com/fpirsch/twin-bcrypt/issues/2
    • https://github.com/dcodeIO/bcrypt.js/issues/16
    • https://github.com/rubycon/isaac.js/issues/2

Research wire protocols

Result

Use BSON with a self implemented BSON wire parser.

Sources

WebSockets can not be passed over IPC (at least not the WebSocket objects created by ws) nor does ws support opening a WebSocket server on a AF_UNIX socket. Consider opening a standard nodejs TCP-server (that supports AF_UNIX sockets) with a simple wire protocol that supports JSON-like objects but extended with a "date"-type.

Research wire protocols that supports binary data as well as date types:

• JSON (no support for binary data and dates) use for auth only so no extra parsing lib is needed in the unprivileged child
  • use symmetric or asymmetric auth with Gryphon (which uses Ed25519)
• BSON (js-bson, buffalo, basalt)
  • BSON blog post http://blog.mongodb.org/post/114440717/bson
  • BSON and Data Interchange http://blog.mongodb.org/post/9333386434/bson-and-data-interchange
  • mailing list https://groups.google.com/forum/#!forum/bson
  • usage example: https://github.com/christkv/mongodb-core/blob/master/lib/topologies/server.js#L455
  • wire protocol parsers:
    • https://github.com/christkv/mongodb-core/blob/master/lib/connection/connection.js
    • https://github.com/EaterOfCode/BSONStream/blob/master/index.js
• Procol Buffers, a schema can probably be used to define a Date type
• MessagePack, no Date type

Research IPC and privilege separation

Find out how to build a network bound privilege separated IPC workflow that can be optimized for local host traffic.

Result

Mastersync privilege separation

Sources

IPC:

• Advanced Programming in the UNIX environment (ch. 15, 16 and 17 on IPC and Unix domain sockets)
• Interprocess Communication in the Ninth Edition Unix System
• https://nikhilm.github.io/uvbook/processes.html#pipes

Privilege separation:

• Preventing Privilege Escalation
• Automating Isolation and Least Privilege in Web Services
• Privman: A Library for Partitioning Applications
• http://marc.info/?l=openbsd-misc&m=126118424426538&w=1 (Chromium privsep)

And checkout the imsg messaging framework:

• ftp://ftp.irisa.fr/pub/OpenBSD/src/lib/libutil/imsg.h
• ftp://ftp.irisa.fr/pub/OpenBSD/src/lib/libutil/imsg.c

Maybe use websockets:

• https://www.npmjs.org/package/ws
• https://www.npmjs.org/package/faye-websocket

Check gryphon and other auth methods (preferably pubkey):

• http://seanmonstar.com/post/87709828215/firefox-accounts-oauth-explorations
• https://github.com/seanmonstar/gryphon
• http://passportjs.org/

Plan

• let a privileged process read the oplog and spawn Versioned Collection processes with only read access on the oplog to their own collection and write access to their own DAG, all based on MongoDB database auth.