docs(security): #5 fixed + on-box validated (RTX box, 2026-06-29)

15/18 now fixed; no finding remains open and actionable. SDDL scoped to
SYSTEM+LocalService, validated live (6943-frame DualSense+IDD session works;
non-SYSTEM OpenFileMapping now ACCESS_DENIED). See e59fa60.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

design/security-review-2026-06-28.md

@@ -26,7 +26,7 @@ remedy, are deferred/accepted with a reason.
 | #2 | High | **FIXED** (`6f903f7`, *Win CI/box pending*) — mgmt token written via `write_secret_file` (SYSTEM/Admins DACL) |
 | #3 | High | **FIXED** (`6f903f7`, *Win CI/box pending*) — config dir DACL-locked + re-owned; `host.env` locked. Residual: a host.env planted before the very first DACL apply is still loaded (an owner-check on load is a noted follow-up) |
 | #4 | High→Med | **FIXED** (`3532e35`) — RTSP/PLAY gated on a paired `/launch` + bound to the launching peer's IP |
-| #5 | Med | **DEFERRED** — the shared-section SDDL is permissive for a restricted-token UMDF driver; scoping it needs on-box validation to avoid breaking the live-validated gamepad/IDD pipeline |
+| #5 | Med | **FIXED + on-box validated** (`e59fa60`, 2026-06-29) — section SDDL scoped to `D:(A;;GA;;;SY)(A;;GA;;;LS)`. The "restricted-token" premise was wrong: the WUDFHost token is LocalService, SYSTEM integrity, **zero** restricted SIDs. Validated live on the RTX box — a DualSense+IDD session works (6943 frames, HID round-trip; pf_dualsense + pf_vdisplay WUDFHosts both LocalService) while `OpenFileMapping` from a non-SYSTEM admin session now returns ACCESS_DENIED (was a granted handle under `WD`) |
 | #6 | Med | **FIXED** (`3532e35`) — EIS relay moved to `$XDG_RUNTIME_DIR` (0700) + symlink reject |
 | #7 | Med→Low | **FIXED** (`3532e35`) — `vdisplay::ENV_LOCK` serializes setup-path env mutation (data-race UB closed); full per-session `SessionContext` threading for value-confusion is a follow-up |
 | #8 | Low | **FIXED** (`6f903f7`, *Win CI/box pending*) — web-password file created empty → locked → written |
@@ -42,8 +42,9 @@ remedy, are deferred/accepted with a reason.
 | S6 | Low→Info | **FIXED** (`3532e35`) — shared mic mpsc bounded (drop-newest) |
 | S7 | Low→Info | **ACKNOWLEDGED** — `rsa 0.9` Marvin has no fixed upstream release; GameStream is off by default and this is a signing (not decryption-oracle) path. Migrate the GameStream identity to Ed25519/ECDSA when feasible |
 
-**Net:** 14 of 18 fixed (5 Linux-verified clusters + 4 Windows DACL paths awaiting CI/box); #5
+**Net:** 15 of 18 fixed — 5 Linux-verified clusters, 4 Windows DACL paths (#2/#3/#8/#11, awaiting CI),
-deferred pending on-box validation; #9/#13 accepted-with-rationale; S7 acknowledged (no upstream fix).
+and #5 (now on-box validated on the RTX box, 2026-06-29); #9/#13 accepted-with-rationale; S7
+acknowledged (no upstream fix). No finding remains open and actionable.
 
 ## Consolidated overview & top priorities