[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some findings and suggestion about Emacs on w32
From: |
Kim F. Storm |
Subject: |
Re: Some findings and suggestion about Emacs on w32 |
Date: |
Mon, 25 Oct 2004 11:29:33 +0200 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux) |
Guy Gascoigne-Piggford <address@hidden> writes:
> Well the way that gnuserve used to deal with this same issue was a) to
> have the option at build time of unix domain sockets, internet
> sockets and SYSV messaging.
You should modify emacsclient.c so that if AF_UNIX (primary choice) is
not available, it should use TCP. SYSV messaging is not an option
anymore.
>
> If you used internet sockets then it would read a file, by default
> ~/gnu_secure or the like I think, and from that file read a list of IP
> addresses. If the connecting host wasn't listed in the file then the
> connection was refused. I seem to remember allowing 127.0.0.1 to be
> automatically authorised on NT, though it wasn't by default on Unix.
If using TCP, accept 127.0.0.1 and nothing else (for now).
>
> This looks like it deals with the security issue on a single user
> machine, but still leaves things open on a multi user one.
Right. Stefan proposed a solution with a secret key that should be
exchanged between client and server; you would need to put that key
into a file that can only be read by the user.
I don't think we need to do this for 21.4 -- as the fix is only used
on (mostly) single user windoze.
>
> Perhaps the best solution is to make server-start work in such a way
> that it can not be connected to remotely, so leave it as is on Unix
> and make the NT version use tcp restricting connections to localhost
> only.
Yes, that's the primary task. And it should be fairly trivial.
FYI- In emacs server (Lisp side), you can use
(featurep 'make-network-process '(:family local))
to check whether unix sockets are supported -- if not, fallback to
using TCP from localhost.
> Then provide something like server-start-net that uses tcp with
> a loaded list of authorised hosts for those people who want to use it
> over their network and understand the potential problems and required
> configuration.
Indeed, there are all sorts of problems allowing external access like
that. For 21.4 we do NOT want to address those issues!
FYI- With a TCP socket, you can use (process-contact proc :remote) to
get the ip address of the remote client; you can then compare that to
the list of accepted addresses. [proc is the client process that is
created when emacsserver accepts the connection from the client].
--
Kim F. Storm <address@hidden> http://www.cua.dk
- Re: Some findings and suggestion about Emacs on w32, (continued)
- Re: Some findings and suggestion about Emacs on w32, Jason Rumney, 2004/10/23
- Re: Some findings and suggestion about Emacs on w32, Guy Gascoigne-Piggford, 2004/10/23
- Re: Some findings and suggestion about Emacs on w32, Lennart Borgman, 2004/10/23
- Re: Some findings and suggestion about Emacs on w32, Jason Rumney, 2004/10/24
- Re: Some findings and suggestion about Emacs on w32, Kim F. Storm, 2004/10/24
- Re: Some findings and suggestion about Emacs on w32, Dhruva Krishnamurthy, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Lennart Borgman, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Stefan, 2004/10/24
- Re: Some findings and suggestion about Emacs on w32, Kim F. Storm, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Guy Gascoigne-Piggford, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32,
Kim F. Storm <=
- Re: Some findings and suggestion about Emacs on w32, Dhruva Krishnamurthy, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Stefan, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Kim F. Storm, 2004/10/25
- Re: Some findings and suggestion about Emacs on w32, Stefan, 2004/10/25