From fe9b1752526e106de9b1b00da3b23d9d23690d98 Mon Sep 17 00:00:00 2001
From: Jim Garlick <garlick.jim@gmail.com>
Date: Thu, 17 Oct 2024 14:08:05 -0700
Subject: [PATCH] rfc15: IMP input no longer uses stdin

Problem: the RFC states that the IMP takes its input on stdin
to avoid placing sensitive data on the command line, but stdin
is no longer used for this.

Now the IMP obtains its input by calling a helper program provided
by the instance instead of stdin.  The helper is run from the
unprivileged part of the IMP.

For now, just drop the incorrect detail which wasn't necessary
in that part of the text anyway.

See also: flux-framework/flux-security#163
---
 spec_15.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec_15.rst b/spec_15.rst
index 08a20a70..fe4123e2 100644
--- a/spec_15.rst
+++ b/spec_15.rst
@@ -122,8 +122,8 @@ design
    which MAY be installed with setuid permissions in cases where multi-user
    Flux is required.
 
--  The IMP SHALL accept and process data using stdin, to avoid putting
-   sensitive data on the command line or environment.
+-  The IMP SHALL avoid putting sensitive data on the command line or
+   environment.
 
 Implementation of the IMP as a separately installed, setuid executable
 allows sysadmin control over where and how the IMP is enabled. If the