[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs RPC

From: Ted Zlatanov
Subject: Re: Emacs RPC
Date: Sun, 24 Apr 2011 20:21:41 -0500
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Sun, 24 Apr 2011 20:00:55 +0200 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Originally I was thinking a string (since that's what emacsclient does),
LMI> but I now feel that a Lisp form would be more useful and RPC-ey, and I
LMI> think the return value should also be a Lisp form.

LMI> That is, you'd say

LMI> (server-eval-at "foo" '(+ 1 2))

LMI> and get back

LMI> 3

LMI> That is, `server-eval-at' will do a `read-from-string' on the output it
LMI> gets back from the server, basically.

LMI> Perhaps `eval-at' would be a better name, though?

Please, please implement this securely from the start.  emacsclient is
terribly insecure and we don't need to repeat that.

The communication itself doesn't have to be secure, only signed.  So the
signature could be as simple as a MD5 hash of the data concatenated with
a secret, or a full-blown GPG signature.

You could also use the GnuTLS server facilities (very similar to the
existing client facilities) to check the certificates mutually and
encrypt the connection.  Then you don't need signatures on the content.
The client has to have a client-side SSL certificate to present to the
server, and the server's certificate is checked by the client as well.

Whether you choose to use GnuTLS or something simpler, I hope you agree
there should be something better than "just eval some code and trust
everyone is good" for this facility.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]