[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs RPC security

From: Stefan Monnier
Subject: Re: Emacs RPC security
Date: Mon, 25 Apr 2011 14:35:49 -0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

>>> Please, please implement this securely from the start.  emacsclient is
>>> terribly insecure and we don't need to repeat that.
SM> Lars's proposal has nothing to do with the network communication level.
> If we're going to provide *RPC*, we should worry about security at all
> levels, not just at the transport level.  Otherwise it's just "run any
> code remotely on an Emacs instance" which doesn't sound as fun, right?

Still unrelated to Lars's proposal.  The corresponding security problem
already exists since Emacs-22.

> 1) authentication: the server should be able to verify the client's
> identity and the client should be able to verify the server's identity.
> This can be accomplished with SSL certificates and GnuTLS or by signing
> each message.

We currently have that via xauth-style cookies for TCP and via
Unix-based access rights for Unix sockets.

Using GnuTLS for the TCP connections could be a good idea as well:
patches welcome.

> 2) authorization: the server should be able to associate each client
> identity with only certain functions it can invoke directly.

When such a need will arise, we will think about it.  In all the cases
I've seen until now, the Emacs server is only used by the same user as
the client, so there's not much point making the security structure
so complicated, right now.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]