Re: Emacs RPC security

From: Ted Zlatanov
Subject: Re: Emacs RPC security
Date: Mon, 02 May 2011 14:56:46 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Mon, 02 May 2011 16:48:17 -0300 Stefan Monnier <address@hidden> wrote: 

>> I already mentioned that given GnuTLS, we can associate client-side SSL
>> certificates with particular functions, so we authenticate on the
>> certificates and authorize based on the (certificate, function)
>> combination.  This seems to me much better, even if "orthogonal," than
>> the current "come visit my server and run anything you like" approach.

SM> I think this is pushing server.el where it shouldn't go.  It's not meant
SM> as "Emacs as a server for whichever network service you can think of",
SM> but just "use your own Emacs from other processes".  If you want your
SM> Emacs to offer services to various users (rather than just to yourself),
SM> then you'll want to implement your own (probably based on GnuTLS).

I'm saying the problem is that server.el doesn't know if you're offering
services just to yourself or to others as well, so you can't say it's OK
to be less secure for personal use.  Knowledge of the shared key is
sufficient.  Plus there is no authorization granularity so the shared
key grants full access.  Am I missing or misunderstanding something?
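
The (certificate, function) authorization discussed in this message, set beside a shared-key gate, as an added Emacs Lisp example that is not part of the original message and is not server.el code. Every `demo-rpc-` name and both fingerprint strings are hypothetical placeholders, and the sketch assumes the TLS layer has already verified the client certificate and handed over its fingerprint.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example: all names are hypothetical, nothing here is server.el code.

(defvar demo-rpc-acl
  '(("CLIENT-CERT-FINGERPRINT-A" . (demo-rpc-visit-file))
    ("CLIENT-CERT-FINGERPRINT-B" . (demo-rpc-visit-file demo-rpc-buffer-names)))
  "Constructed policy: certificate fingerprint -> function symbols it may call.")

(defun demo-rpc-visit-file (path)
  "Hypothetical exported function: report which PATH would be visited."
  (format "visit %s" path))

(defun demo-rpc-buffer-names ()
  "Hypothetical exported function: return the names of all live buffers."
  (mapcar #'buffer-name (buffer-list)))

(defun demo-rpc-authorized-p (fingerprint function)
  "Return t only if FINGERPRINT is listed as allowed to call FUNCTION.
Unknown fingerprints and unlisted functions are denied by default."
  (and (stringp fingerprint)
       (symbolp function)
       (memq function (cdr (assoc fingerprint demo-rpc-acl)))
       t))

(defun demo-rpc-dispatch (fingerprint function &rest args)
  "Apply FUNCTION to ARGS only when the (FINGERPRINT, FUNCTION) pair is allowed.
FINGERPRINT is assumed to come from an already verified client certificate."
  (unless (demo-rpc-authorized-p fingerprint function)
    (error "Denied: %s may not call %s" fingerprint function))
  (apply function args))

(defun demo-rpc-shared-key-dispatch (key-ok function &rest args)
  "Simplified model of the shared-key case: KEY-OK is the only gate.
Once the key check passes, any FUNCTION is applied to ARGS."
  (unless key-ok
    (error "Denied: bad key"))
  (apply function args))

;; Certificate A may visit files but is refused the buffer list.
(demo-rpc-dispatch "CLIENT-CERT-FINGERPRINT-A" 'demo-rpc-visit-file "/tmp/notes")
(condition-case err
    (demo-rpc-dispatch "CLIENT-CERT-FINGERPRINT-A" 'demo-rpc-buffer-names)
  (error (error-message-string err)))

;; With only a key check, the same caller reaches the buffer list.
(demo-rpc-shared-key-dispatch t 'demo-rpc-buffer-names)
```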
