Add security controls for Unix domain socket control interface in release builds #135

Open
opened 2025-12-24 00:31:05 +00:00 by siennathesane · 1 comment
siennathesane commented 2025-12-24 00:31:05 +00:00 (Migrated from github.com)

Context

We're adding a Unix domain socket control interface to allow programmatic control of the engine without needing screen access (e.g., sending events, triggering actions). Currently this will be debug-only.

Future Work

For release builds, we need proper security controls:

  1. Authentication: Verify that connections are authorized
     • Token-based auth
     • Or filesystem permissions + ownership checks
  2. Feature flag: Make socket opt-in for production
     • Add control-socket feature flag
     • Disabled by default in release builds
  3. Rate limiting: Prevent abuse from malicious local processes
  4. Audit logging: Track all control commands sent through socket
  5. Command allowlist: Restrict which operations can be performed remotely

Non-Goals (for now)

  • Network-based control (intentionally local-only)
  • Complex permission models

Acceptance Criteria

  • Socket disabled by default in release builds
  • Feature flag to enable socket in production if desired
  • Basic authentication mechanism
  • Documentation on secure socket usage
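
A sketch of the "filesystem permissions + ownership checks", command allowlist, and audit logging items above. It is an added example, not code from the issue or the project. It assumes Linux (`SO_PEERCRED`), uses Python only for illustration, and the command names, logger name, and the same-uid policy are hypothetical choices.

```python
import logging, os, socket, stat, struct, tempfile

ALLOWED_COMMANDS = {"send_event", "trigger_action"}  # hypothetical names
audit = logging.getLogger("control_socket.audit")  # hypothetical logger name

def bind_private_socket(path):
    """Bind a Unix socket that only the owning user can connect to."""
    st = os.stat(os.path.dirname(path))
    # Refuse a parent directory that another user owns or can write to.
    if st.st_uid != os.geteuid() or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError("unsafe socket directory")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket file is created 0600, no chmod race
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def peer_uid(conn):
    """Kernel-reported uid of the connecting process (SO_PEERCRED, Linux)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]  # struct ucred is (pid, uid, gid)

def handle(conn, line):
    """Authorize one command line, write an audit record, return the verdict."""
    uid, command = peer_uid(conn), line.split(" ", 1)[0]
    if uid != os.geteuid():
        verdict = "denied: peer uid"
    elif command not in ALLOWED_COMMANDS:
        verdict = "denied: not allowlisted"
    else:
        verdict = "ok"
    audit.info("uid=%d command=%r verdict=%s", uid, command, verdict)
    return verdict

def demo():
    """Constructed session: one allowlisted command, one that is not."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        path = os.path.join(d, "control.sock")
        srv = bind_private_socket(path)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.connect(path)
        conn, _ = srv.accept()
        replies = [handle(conn, "send_event jump"), handle(conn, "shutdown")]
        for s in (cli, conn, srv):
            s.close()
        return stat.S_IMODE(os.stat(path).st_mode), replies
```

The audit record is written for denied commands as well as accepted ones, so rejected attempts from other local processes remain visible.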
Member

Test comment from sunbeam pm

siennathesane self-assigned this 2026-03-20 21:14:16 +00:00
Reference: studio/marathon#135