From: storm@cua.dk (Kim F. Storm)
Newsgroups: gmane.emacs.devel
Subject: Re: Some findings and suggestion about Emacs on w32
Date: Mon, 25 Oct 2004 11:29:33 +0200
References: <008d01c4b886$32d07ff0$0200a8c0@sedrcw11488> <417AA9D8.6080600@wyrdrune.com> <417CC0B9.3030901@wyrdrune.com>
Cc: Lennart Borgman , emacs-devel@gnu.org, rms@gnu.org, Jason Rumney
Original-To: Guy Gascoigne-Piggford
In-Reply-To: <417CC0B9.3030901@wyrdrune.com> (Guy Gascoigne-Piggford's message of "Mon, 25 Oct 2004 02:00:41 -0700")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux)
Xref: main.gmane.org gmane.emacs.devel:28890

Guy Gascoigne-Piggford writes:

> Well the way that gnuserve used to deal with this same issue was a) to
> have the option at build time of unix domain sockets, internet
> sockets and SYSV messaging.

You should modify emacsclient.c so that if AF_UNIX (primary choice) is
not available, it should use TCP. SYSV messaging is not an option anymore.

>
> If you used internet sockets then it would read a file, by default
> ~/gnu_secure or the like I think, and from that file read a list of IP
> addresses. If the connecting host wasn't listed in the file then the
> connection was refused. I seem to remember allowing 127.0.0.1 to be
> automatically authorised on NT, though it wasn't by default on Unix.

If using TCP, accept 127.0.0.1 and nothing else (for now).

>
> This looks like it deals with the security issue on a single user
> machine, but still leaves things open on a multi user one.

Right. Stefan proposed a solution with a secret key that should be
exchanged between client and server; you would need to put that key into
a file that can only be read by the user. I don't think we need to do
this for 21.4 -- as the fix is only used on (mostly) single user windoze.

>
> Perhaps the best solution is to make server-start work in such a way
> that it can not be connected to remotely, so leave it as is on Unix
> and make the NT version use tcp restricting connections to localhost
> only.

Yes, that's the primary task. And it should be fairly trivial.

FYI- In emacs server (Lisp side), you can use
(featurep 'make-network-process '(:family local))
to check whether unix sockets are supported -- if not, fall back to using
TCP from localhost.

> Then provide something like server-start-net that uses tcp with
> a loaded list of authorised hosts for those people who want to use it
> over their network and understand the potential problems and required
> configuration.

Indeed, there are all sorts of problems allowing external access like
that. For 21.4 we do NOT want to address those issues!

FYI- With a TCP socket, you can use (process-contact proc :remote) to get
the IP address of the remote client; you can then compare that to the list
of accepted addresses. [proc is the client process that is created when
emacsserver accepts the connection from the client].

--
Kim F. Storm http://www.cua.dk
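The two FYIs above, worked into a small listener: this is an added example, not code from the thread or from Emacs's own server.el, and it assumes a current Emacs; the my-server-* names, the socket file name and the port number are made up for illustration.

```elisp
;; Added example: a local socket when Emacs supports one, otherwise TCP
;; bound to the loopback address, with every accepted client checked
;; against an allow-list via (process-contact proc :remote).

(defvar my-server-allowed-hosts '([127 0 0 1])
  "Remote IPv4 addresses allowed over TCP, in the [A B C D] vector form
that `process-contact' reports (port omitted).  Assumed name.")

(defun my-server-remote-allowed-p (proc)
  "Return non-nil if client PROC arrived over a local socket or from an
address listed in `my-server-allowed-hosts'."
  (let ((remote (process-contact proc :remote)))
    (cond
     ;; A local (Unix domain) socket reports a file name string; the
     ;; socket file's permissions are the access control there.
     ((stringp remote) t)
     ;; TCP reports [A B C D PORT]; strip the port before comparing.
     ((and (vectorp remote) (= (length remote) 5))
      (and (member (substring remote 0 4) my-server-allowed-hosts) t))
     ;; Anything else (for example IPv6) is not on the list: refuse it.
     (t nil))))

(defun my-server-log (_server client _message)
  "Accept-time hook (the :log function): drop CLIENT unless it is allowed."
  (if (my-server-remote-allowed-p client)
      (message "my-server: accepted %S" (process-contact client :remote))
    (message "my-server: rejected %S" (process-contact client :remote))
    (delete-process client)))

(defun my-server-start ()
  "Listen on a local socket when Emacs supports it, otherwise on TCP
bound to the loopback address only, as the thread proposes."
  (if (featurep 'make-network-process '(:family local))
      (make-network-process
       :name "my-server" :server t :noquery t :family 'local
       ;; Keep the socket file in a directory only this user can read.
       :service (expand-file-name "my-server.sock" user-emacs-directory)
       :log #'my-server-log)
    (make-network-process
     :name "my-server" :server t :noquery t :family 'ipv4
     :host 'local          ; bind 127.0.0.1, never a routable interface
     :service 50505        ; assumed port number
     :log #'my-server-log)))
```

Binding with :host 'local means a remote host cannot even reach the listener, so the allow-list check only matters if someone later widens the bind address, which is exactly the case the thread defers.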