emacs-devel

Re: Some findings and suggestion about Emacs on w32


From: Guy Gascoigne-Piggford
Subject: Re: Some findings and suggestion about Emacs on w32
Date: Mon, 25 Oct 2004 02:00:41 -0700
User-agent: Mozilla Thunderbird 0.8 (Windows/20040913)

Well the way that gnuserve used to deal with this same issue was a) to have the option at build time of unix domain sockets, internet sockets and SYSV messaging.

If you used internet sockets then it would read a file, by default ~/gnu_secure or the like I think, and from that file read a list of IP addresses. If the connecting host wasn't listed in the file then the connection was refused. I seem to remember allowing 127.0.0.1 to be automatically authorised on NT, though it wasn't by default on Unix.

This looks like it deals with the security issue on a single user machine, but still leaves things open on a multi user one.

Perhaps the best solution is to make server-start work in such a way that it can not be connected to remotely, so leave it as is on Unix and make the NT version use tcp restricting connections to localhost only. Then provide something like server-start-net that uses tcp with a loaded list of authorised hosts for those people who want to use it over their network and understand the potential problems and required configuration.

Guy

Kim F. Storm wrote:

Jason Rumney <address@hidden> writes:

Thanks. I think the main area that needs porting is the use of
unix domain sockets for communicating between emacsclient and the
server. I think there are some security issues with changing to
TCP or UDP sockets (this has been discussed in the past too), so
mailslots are probably the best replacement on Windows.

The problem with TCP is that it may allow access from other users on
the same machine and from other machines in the network.

But it is easy to avoid connections from other machines -- just
use :host "127.0.0.1" when creating the emacs server socket, then
it only listens for connections from the local host.

And on windoze, I don't think there (typically) are that many
other users active at the same time...

Someone else pointed out that the use of personal firewalls
on Windows should be a problem for using TCP for emacs server.

Actually, I think that it is an advantage, as the firewall will block
external access to the emacs server (as an extra security), but not
interfere with local access (to 127.0.0.1).

If mailslots allow external access bypassing the firewall, I think
that's a big problem speaking against mailslots.
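
An added sketch of the two modes discussed in this message (not gnuserv or Emacs source): a listener bound to 127.0.0.1 for the default case, and an exact-match host list for the network case. The function names, the host-file syntax and the sample addresses are assumptions; as noted in the thread, neither check distinguishes between users on the same machine.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse host-file text: one IPv4 address per line; '#' comments, blank and
   unparsable lines are skipped. Returns the number of addresses stored. */
int load_hosts(const char *text, struct in_addr *hosts, int max)
{
    int n = 0;
    while (*text && n < max) {
        char line[64];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        line[strcspn(line, " \t\r#")] = '\0';  /* cut at space or comment */
        if (line[0] && inet_pton(AF_INET, line, &hosts[n]) == 1)
            n++;
        text += len + (text[len] == '\n');
    }
    return n;
}

/* Default deny: the peer must match a listed address exactly.
   Loopback gets no implicit pass; it has to be listed like any host. */
int host_allowed(struct in_addr peer, const struct in_addr *hosts, int n)
{
    for (int i = 0; i < n; i++)
        if (hosts[i].s_addr == peer.s_addr)
            return 1;
    return 0;
}

/* local_only binds 127.0.0.1, so no other machine can connect; otherwise
   all interfaces are bound and every peer must pass host_allowed(). */
int open_server(int local_only, unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(local_only ? INADDR_LOOPBACK : INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

In the network mode the server would call `host_allowed()` on the address returned by `accept()` and close the connection on a mismatch before reading any request data.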




