[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: expressions
|
From: |
Theodore Ts'o |
|
Subject: |
Re: expressions |
|
Date: |
Tue, 7 Jan 2003 06:53:26 -0500 |
|
User-agent: |
Mutt/1.4i |
On Sun, Jan 05, 2003 at 11:55:49AM -0800, Bob Halley wrote:
> No, it is not safe. On Solaris, at least as recent as Solaris 8, the
> file permissions on UNIX domain sockets are totally ignored. This may
> be true on other platforms as well, though many platforms "do the
> right thing" and check file permissions.
Wow. I didn't realize Solaris was that broken/stupid.
Although granted adding the ability to server.el to evaluate arbitrary
LISP expression becomes a security disaster, even without that, users
who have enable-local-variables set to t and who run server.el are in
trouble --- since an attacker can ask emacs to open an arbitrary file
created by the attacker, and the local variables in the file can
contain arbitrary lisp expressions.
> The standard way of dealing with this portably is to create a
> directory for the socket filename to live in, and control access via
> permissions on the directory.
Yes, although this causes the backwards compatibility problems
mentioned in other mail messages. One solution would be to allow the
location to be configurable via an emacs-server variable to be one of
the following possibilities, with emacsclient searching all of these
locations:
/tmp/esrv<uid>-hostname
(for backwards compatibility with old emacsclient binaries)
/tmp/esrv-<uid>/hostname
(for homedirs using filesystems that don't support sockets)
~/.eserv/<hostname>
(to avoid tmp cleaners)
(BTW, Note that one way of dealing with the temp cleaner problem would
be to have the emacsserver binary periodically wake up every so often,
and try touching the containing directory and socket. If they have
disappeared, the binary could recreate them.)
Another thought --- if we're willing to bag backwards compatibility
altogether, a friend recently pointed me at the existence of another
package, gnuserv/gnuclient, which does most of what I had wanted. It
is completely non-backwards compatible with emacslcleint --- indeed,
because it uses the same variable and function names as server.el, it
cannot be loaded at the same time as server.el. However, it uses
s-expressions for evaluating lisp expressions as well as for passing
filenames to be edited, so it is cleaner than the existing
emacsclient/emacsserver. It also has security features built in, and
can listen on TCP ports, so you use it across the network.
- Ted
- Re: expressions, (continued)
- Re: expressions, Bob Halley, 2003/01/05
- Re: expressions, chad, 2003/01/07
- Re: expressions, Bob Halley, 2003/01/07
- Re: expressions, Kim F. Storm, 2003/01/07
- Re: expressions, Luc Teirlinck, 2003/01/07
- Re: expressions, Stefan Monnier, 2003/01/11
- Re: expressions, Kai Großjohann, 2003/01/07
Re: expressions, Richard Stallman, 2003/01/07
Re: expressions,
Theodore Ts'o <=