From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs RPC
Date: Sun, 24 Apr 2011 21:05:56 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <8739l7gk57.fsf@lifelogs.com>
References: <m3ipu4u7bv.fsf@quimbies.gnus.org>
	<874o5ny2cw.fsf@stupidchicken.com> <m3mxjfedgo.fsf@quimbies.gnus.org>
	<87pqobgm6y.fsf@lifelogs.com> <m3y62z9l49.fsf@quimbies.gnus.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1303697186 1216 80.91.229.12 (25 Apr 2011 02:06:26 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 25 Apr 2011 02:06:26 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Apr 25 04:06:22 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QEBBu-00005G-Au
	for ged-emacs-devel@m.gmane.org; Mon, 25 Apr 2011 04:06:22 +0200
Original-Received: from localhost ([::1]:35049 helo=lists2.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QEBBt-00073q-QY
	for ged-emacs-devel@m.gmane.org; Sun, 24 Apr 2011 22:06:21 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:35307)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QEBBp-00073l-8M
	for emacs-devel@gnu.org; Sun, 24 Apr 2011 22:06:20 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QEBBk-0000UM-Ms
	for emacs-devel@gnu.org; Sun, 24 Apr 2011 22:06:17 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:50287)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QEBBk-0000UF-FI
	for emacs-devel@gnu.org; Sun, 24 Apr 2011 22:06:12 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QEBBi-0008U9-SD
	for emacs-devel@gnu.org; Mon, 25 Apr 2011 04:06:10 +0200
Original-Received: from c-67-186-102-106.hsd1.il.comcast.net ([67.186.102.106])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 25 Apr 2011 04:06:10 +0200
Original-Received: from tzz by c-67-186-102-106.hsd1.il.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 25 Apr 2011 04:06:10 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 30
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: c-67-186-102-106.hsd1.il.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:QLt0QtVolP2FfgU2uYc94omWN7M=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 80.91.229.12
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:138697
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/138697>

On Mon, 25 Apr 2011 03:26:46 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
>> Please, please implement this securely from the start.  emacsclient is
>> terribly insecure and we don't need to repeat that.

LMI> The network connection isn't encrypted, but how is emacsclient insecure
LMI> otherwise?  You have to pass the (shared) secret to the server to get it
LMI> to do anything.

The server executes anything passed to it.  There's no verification that
the content came from a trusted client beyond the shared secret.  I'm
suggesting more granular permissions that work across operating systems
and don't require NFS mounts (have you ever set up a NFS mount to a W32
machine?  it's painful... and expensive...)

The permissions should be applied at the procedure level, so different
procedures can be authorized and authenticated differently.

But encryption would be nice too, hence my GnuTLS suggestion.  90% of
the code is already in Emacs.

LMI> In any case, it's rather an orthogonal issue.  I see no reason why the
LMI> in-Emacs RPC should be more secure than the command line RPC.

...because the command-line RPC can then use the in-Emacs RPC and
improve security for everyone.  It would (IMHO) make emacsclient and
in-Emacs RPC real, viable RPC mechanisms.  Right now they can't be.

Ted