viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

t3code: harden dispatch — dedicated user + validated t3-mint + scoped sudoers

Browse source 
Run t3-dispatch as an unprivileged dedicated user instead of wizard (who has
full sudo). Privileged minting goes through /usr/local/bin/t3-mint, which
validates the target against /etc/ttyd-user-map before minting as that user;
sudoers permits t3-dispatch to run only that wrapper. Compromise of the
network-facing service can mint pairing tokens for mapped users at most.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-01 22:40:53 +00:00
parent 0472f67d49
commit 9f551e3c13
4 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/sudoers-t3-autopair Normal file
View file

@ -0,0 +1,6 @@
# The t3-dispatch service (unprivileged user t3-dispatch) may run ONLY the
# t3-mint wrapper, as root. t3-mint validates the target user against
# /etc/ttyd-user-map and mints a one-time t3 pairing token as that user.
# A compromise of the network-facing dispatch service can therefore mint
# pairing tokens for already-mapped users at most — never arbitrary root.
t3-dispatch ALL=(root) NOPASSWD: /usr/local/bin/t3-mint