[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs RPC security
From: |
Ted Zlatanov |
Subject: |
Re: Emacs RPC security |
Date: |
Mon, 02 May 2011 20:12:28 -0500 |
User-agent: |
Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux) |
On Tue, 03 May 2011 02:51:28 +0200 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Ted Zlatanov <address@hidden> writes:
>> Is the mechanism used for evaluating code remotely, or only locally?
>> In other words, can it be accessed over the network?
LMI> It's for evaluating code remotely over the network.
On Mon, 02 May 2011 21:35:46 -0300 Stefan Monnier <address@hidden> wrote:
>> I'm saying the problem is that server.el doesn't know if you're offering
>> services just to yourself or to others as well, so you can't say it's OK
>> to be less secure for personal use.
SM> server.el offers full service only.
Yes, I know! I think it should at *least* have the option to limit the
access at the entry point when the code is eval-ed. In Common Lisp you
can disable many of the Lisp reader's options that evaluate code, but I
don't know how the Emacs Lisp reader can do that.
SM> If you give access to it to someone else than yourself, it's your
SM> mistake, not server.el.
As I keep trying to explain, you don't know who is on the other end
because there is *no* authentication, or rather it's binary: you have
the shared secret or you don't.
At least let's associate a shared secret with an access level, so we do
not allow full access all the time. The access level can be a list of
function symbols that can be called, for instance.
Ted
- Re: Gnus ERT tests inside Emacs, (continued)
Re: Emacs RPC security, Julien Danjou, 2011/05/02
Re: Emacs RPC security, Ted Zlatanov, 2011/05/02
- Re: Emacs RPC security, Stefan Monnier, 2011/05/02
- Re: Emacs RPC security, Ted Zlatanov, 2011/05/02
- Re: Emacs RPC security, Lars Magne Ingebrigtsen, 2011/05/02
- Re: Emacs RPC security, Ted Zlatanov, 2011/05/02
- Re: Emacs RPC security, Lars Magne Ingebrigtsen, 2011/05/02
- Re: Emacs RPC security,
Ted Zlatanov <=
- Re: Emacs RPC security, Lars Magne Ingebrigtsen, 2011/05/02
- Re: Emacs RPC security, Ted Zlatanov, 2011/05/02
- Re: Emacs RPC security, Lars Magne Ingebrigtsen, 2011/05/02
Re: Emacs RPC security, Stefan Monnier, 2011/05/02
Re: Emacs RPC security, Harald Hanche-Olsen, 2011/05/03
Re: Emacs RPC security, Stefan Monnier, 2011/05/03
Re: Emacs RPC security, Stefan Monnier, 2011/05/02