From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs RPC security
Date: Mon, 02 May 2011 14:56:46 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87vcxsswox.fsf@lifelogs.com>
References: <m3ipu4u7bv.fsf@quimbies.gnus.org> <87d3kal0za.fsf@lifelogs.com>
	<jwvfwp6xmr0.fsf-monnier+emacs@gnu.org> <874o5mky4o.fsf@lifelogs.com>
	<m3oc3mb68s.fsf@quimbies.gnus.org> <m3bozm9j08.fsf@quimbies.gnus.org>
	<871v0hudzo.fsf@lifelogs.com> <jwvvcxsc2db.fsf-monnier+emacs@gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1304366228 7394 80.91.229.12 (2 May 2011 19:57:08 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 2 May 2011 19:57:08 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 02 21:57:02 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGzEs-00075H-3H
	for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 21:57:02 +0200
Original-Received: from localhost ([::1]:36806 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGzEr-0003jO-O6
	for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 15:57:01 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:58542)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGzEp-0003jE-1c
	for emacs-devel@gnu.org; Mon, 02 May 2011 15:56:59 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGzEo-0001ge-7a
	for emacs-devel@gnu.org; Mon, 02 May 2011 15:56:59 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:42007)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGzEn-0001gT-QR
	for emacs-devel@gnu.org; Mon, 02 May 2011 15:56:58 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGzEm-00074Q-VV
	for emacs-devel@gnu.org; Mon, 02 May 2011 21:56:56 +0200
Original-Received: from 38.98.147.130 ([38.98.147.130])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 02 May 2011 21:56:56 +0200
Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 02 May 2011 21:56:56 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 21
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: 38.98.147.130
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:sNO59TlYAEhhsSCnIvLJdrtxj30=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 80.91.229.12
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:138996
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/138996>

On Mon, 02 May 2011 16:48:17 -0300 Stefan Monnier <monnier@iro.umontreal.ca> wrote: 

>> I already mentioned that given GnuTLS, we can associate client-side SSL
>> certificates with particular functions, so we authenticate on the
>> certificates and authorize based on the (certificate, function)
>> combination.  This seems to me much better, even if "orthogonal," than
>> the current "come visit my server and run anything you like" approach.

SM> I think this is pushing server.el where it shouldn't go.  It's not meant
SM> as "Emacs as a server for whichever network service you can think of",
SM> but just "use your own Emacs from other processes".  If you want your
SM> Emacs to offer services to various users (rather than just to yourself),
SM> then you'll want to implement your own (probably based on GNUtls).

I'm saying the problem is that server.el doesn't know if you're offering
services just to yourself or to others as well, so you can't say it's OK
to be less secure for personal use.  Knowledge of the shared key is
sufficient.  Plus there is no authorization granularity so the shared
key grants full access.  Am I missing or misunderstanding something?

Ted