From: Guy Gascoigne-Piggford
Newsgroups: gmane.emacs.devel
Subject: Re: Some findings and suggestion about Emacs on w32
Date: Mon, 25 Oct 2004 02:00:41 -0700
Message-ID: <417CC0B9.3030901@wyrdrune.com>
References: <008d01c4b886$32d07ff0$0200a8c0@sedrcw11488> <417AA9D8.6080600@wyrdrune.com>
Cc: Lennart Borgman, emacs-devel@gnu.org, rms@gnu.org, Jason Rumney
Original-To: "Kim F. Storm"

Well, the way that gnuserv used to deal with this same issue was a) to
have the option at build time of unix domain sockets, internet sockets
and SYSV messaging. If you used internet sockets then it would read a
file, by default ~/gnu_secure or the like I think, and from that file
read a list of IP addresses. If the connecting host wasn't listed in
the file then the connection was refused. I seem to remember allowing
127.0.0.1 to be automatically authorised on NT, though it wasn't by
default on Unix.

This looks like it deals with the security issue on a single user
machine, but still leaves things open on a multi user one.

Perhaps the best solution is to make server-start work in such a way
that it cannot be connected to remotely, so leave it as is on Unix and
make the NT version use tcp restricting connections to localhost only.
Then provide something like server-start-net that uses tcp with a
loaded list of authorised hosts for those people who want to use it
over their network and understand the potential problems and required
configuration.

Guy

Kim F. Storm wrote:

>Jason Rumney writes:
>
>>Thanks.
>>I think the main area that needs porting is the use of
>>unix domain sockets for communicating between emacsclient and the
>>server. I think there are some security issues with changing to
>>TCP or UDP sockets (this has been discussed in the past too), so
>>mailslots are probably the best replacement on Windows.
>
>The problem with TCP is that it may allow access from other users on
>the same machine and from other machines in the network.
>
>But it is easy to avoid connections from other machines -- just
>use :host "127.0.0.1" when creating the emacs server socket, then
>it only listens for connections from the local host.
>
>And on windoze, I don't think there (typically) are that many
>other users active at the same time...
>
>Someone else pointed out that the use of personal firewalls
>on Windows should be a problem for using TCP for emacs server.
>
>Actually, I think that it is an advantage, as the firewall will block
>external access to the emacs server (as an extra security), but not
>interfere with local access (to 127.0.0.1).
>
>If mailslots allow external access bypassing the firewall, I think
>that's a big problem speaking against mailslots.
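
The two modes proposed in the message above (a loopback-only listener, and a networked listener gated by a file of authorised hosts), sketched in Python as an added example that is not part of the original post and is not gnuserv or Emacs code. The function names, the `trust_loopback` switch and the one-address-per-line file format are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample; the one-address-per-line format with '#' comments
# is an assumption of this example, not gnuserv's documented format.
SAMPLE_HOSTS_FILE = """\
# hosts allowed to connect
192.0.2.10
192.0.2.25   # build box
not-an-address
"""

def parse_allowed_hosts(text):
    """Return the set of literal IP addresses listed in the file text."""
    allowed = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            allowed.add(ipaddress.ip_address(entry))
        except ValueError:
            continue  # never resolve names: DNS must not widen the list
    return allowed

def is_authorized(peer_ip, allowed, trust_loopback=False):
    """True if the peer is listed, or is loopback and loopback is trusted."""
    addr = ipaddress.ip_address(peer_ip)
    return addr in allowed or (trust_loopback and addr.is_loopback)

def make_listener(networked, port=0):
    """Local mode binds 127.0.0.1 only; networked mode binds every
    interface and depends on is_authorized() for each connection."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("0.0.0.0" if networked else "127.0.0.1", port))
    sock.listen(5)
    return sock

def accept_one(listener, allowed, trust_loopback=False):
    """Accept one connection; drop it before reading if not authorized."""
    conn, (peer_ip, _peer_port) = listener.accept()
    if not is_authorized(peer_ip, allowed, trust_loopback):
        conn.close()
        return None
    return conn
```

Neither mode distinguishes between users on the same machine: any local account can reach a loopback listener, which is the multi-user gap the message points out.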