From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Thien-Thi Nguyen Newsgroups: gmane.lisp.guile.devel Subject: Re: guile --listen Date: Tue, 12 Oct 2010 10:47:57 +0200 Message-ID: <87sk0b4x1e.fsf@ambire.localdomain> References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1286874504 18071 80.91.229.12 (12 Oct 2010 09:08:24 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 12 Oct 2010 09:08:24 +0000 (UTC) Cc: guile-devel To: Andy Wingo Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Tue Oct 12 11:08:23 2010 Return-path: Envelope-to: guile-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1P5aqJ-0007mV-Hb for guile-devel@m.gmane.org; Tue, 12 Oct 2010 11:08:19 +0200 Original-Received: from localhost ([127.0.0.1]:41946 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1P5aqI-0007ii-KF for guile-devel@m.gmane.org; Tue, 12 Oct 2010 05:08:18 -0400 Original-Received: from [140.186.70.92] (port=39039 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1P5aq5-0007I6-Sa for guile-devel@gnu.org; Tue, 12 Oct 2010 05:08:09 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1P5aae-00033L-Ea for guile-devel@gnu.org; Tue, 12 Oct 2010 04:52:09 -0400 Original-Received: from smtp205.alice.it ([82.57.200.101]:46727) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1P5aae-000330-4k for guile-devel@gnu.org; Tue, 12 Oct 2010 04:52:08 -0400 Original-Received: from ambire.localdomain (95.244.64.84) by smtp205.alice.it (8.5.124.08) id 4C1A26450780C391; Tue, 12 Oct 2010 10:52:02 +0200 Original-Received: from ttn by ambire.localdomain with local (Exim 4.69) (envelope-from ) id 1P5aWb-0001iu-Lq; Tue, 12 Oct 2010 10:47:57 +0200 In-Reply-To: (Andy Wingo's message of "Sun, 10 Oct 2010 21:01:32 +0200") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Windows 98 (1) X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.devel:11033 Archived-At: () Andy Wingo () Sun, 10 Oct 2010 21:01:32 +0200 Hi Andy, Security-wise, using a localhost address can result in local users being able to do anything your process can do [...] eep [...] It would be nice to be able to make any long-running Guile application hackable just with a command-line argument, though :) I think each application should make this decision individually. It's nice that the infrastructure is shared, but the command-line argument for all Guile programs goes too far, IMHO. Perhaps a compromise would be to make a module that processes an application specific command-line argument and hooks things up appropriately. (use-modules ((... parse-listener-command-line-option) #:select (maybe-listen))) (define ((maintain context) port initial-creds) ;; authentication, authorization (cond ((or (not (well-formed initial-creds)) (not (mostly-harmless (negotiate port initial-creds)))) (close-port port)) (else ;; set up logging; ;; notify the main loop of a(nother) munger; ;; finally, enter app-specific repl ...))) (define (main args) (let ((app-context (...))) ;; do stuff that should not be interrupted ... ;; ok, be accomodating (maybe-listen args ;; command-line arg '--maintenance-access ;; what to do if recognized (maintain app-context) ;; what to do when done close-port) ...)) This way the application that wants to can compose command-line listener specification, interaction protocol, and timing of access more flexibly, without imposing a potentially unwanted spy on other Guile programs. In summary, i like the idea and potential of the core, but not the coarse-grained and indiscriminate top-level control. Factor and be free!