manpages: Update description, add security section - checkpassword-ng - Uniform password checking interface for applications

commit: ef5fed245b9f1cf7eadb7bb50f799d8f8afe9d7c
parent 6af392c004c287007566dc8a2b5f538d11844bd2
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Wed, 28 Apr 2021 05:00:54 +0200

manpages: Update description, add security section

Diffstat:
M checkpassword.8 37 ++++++++++++++++---------------------
M chkpw.3 8 ++++++++

2 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/checkpassword.8 b/checkpassword.8
@@ -25,30 +25,17 @@ possibly more data (also ignored)
 .El
 .Pp
 .Nm
-is for applications where separating authentication to a small optionally setuid-root process makes sense.
-Typically this is:
-.Bl -bullet -compact
-.It
-screen lockers
-.It
-display managers (where root/UID-0 is excluded)
-.It
-critical user-consent dialogs
-.It
-daemons wanting to use regular logins (consider ssh-keys though)
-.El
+is for applications that typically shouldn't effectively run as root like screen lockers, for others you might want to directly use
+.Xr 3 chkpw
 .Pp
-Out-of-scope applications are:
-.Bl -tag -width Ds -compact
-.It sudo, doas, …
-These applications typically allow to login as root and would only widen their attack surface by using a separated process.
-A library would be a better fit for them.
-.El
-.Pp
-Client applications are highly recommended to use a restricted
+Client applications are highly recommended use a restricted
 .Ev PATH
-or a direct path to
+or a direct path to launch
 .Nm .
+It is also recommended to give a restricted
+.Ev PATH
+or a direct path for
+.Ar prog .
 .Sh ENVIRONMENT VARIABLES
 Ignored in this implementation, used in others to pass options.
 .Sh EXIT STATUS
@@ -67,6 +54,14 @@ runs
 .Ar prog .
 .Sh SEE ALSO
 .Lk https://cr.yp.to/checkpwd/interface.html The checkpassword interface
+.Sh BUGS
+Please send all bugs to
+.Mt contact+chkpw@hacktivis.me
+.Pp
+For security bugs you can encrypt the email with
+.Xr reop 1 ,
+my public key is found at:
+.Lk https://hacktivis.me/reop.pub
 .Sh Author
 This implementation of
 .Nm
diff --git a/chkpw.3 b/chkpw.3
@@ -32,5 +32,13 @@ which doesn't requires your application to be running with special privileges.
 returns
 .Aq NULL
 on success, on failure it returns an error message to be passed to the user.
+.Sh BUGS
+Please send all bugs to
+.Mt contact+chkpw@hacktivis.me
+.Pp
+For security bugs you can encrypt the email with
+.Xr reop 1 ,
+my public key is found at:
+.Lk https://hacktivis.me/reop.pub
 .Sh Author
 .An Haelwenn (lanodan) Monnier Aq Mt contact+chkpw@hacktivis.me

M	checkpassword.8	37	++++++++++++++++---------------------
M	chkpw.3	8	++++++++