emacs-devel

Re: Emacs RPC security


From: Ted Zlatanov
Subject: Re: Emacs RPC security
Date: Mon, 02 May 2011 20:12:28 -0500
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Tue, 03 May 2011 02:51:28 +0200 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
>> Is the mechanism used for evaluating code remotely, or only locally?
>> In other words, can it be accessed over the network?

LMI> It's for evaluating code remotely over the network.

On Mon, 02 May 2011 21:35:46 -0300 Stefan Monnier <address@hidden> wrote: 

>> I'm saying the problem is that server.el doesn't know if you're offering
>> services just to yourself or to others as well, so you can't say it's OK
>> to be less secure for personal use.

SM> server.el offers full service only.

Yes, I know!  I think it should at *least* have the option to limit the
access at the entry point when the code is eval-ed.  In Common Lisp you
can disable many of the Lisp reader's options that evaluate code, but I
don't know how the Emacs Lisp reader can do that.

SM> If you give access to it to someone else than yourself, it's your
SM> mistake, not server.el.

As I keep trying to explain, you don't know who is on the other end
because there is *no* authentication, or rather it's binary: you have
the shared secret or you don't.

At least let's associate a shared secret with an access level, so we do
not allow full access all the time.  The access level can be a list of
function symbols that can be called, for instance.

Ted
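
[Added example, not part of the original message and not code from server.el: a sketch of the proposal above, where each shared secret maps to a list of function symbols it may call. All `demo-rpc-` names and the sample secrets are hypothetical and constructed for illustration; `proper-list-p` assumes Emacs 27 or later.]

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every name prefixed demo-rpc- is hypothetical and
;; not part of server.el.
(require 'cl-lib)

(defvar demo-rpc-access-levels
  ;; Constructed sample secrets, each mapped to the function symbols it may call.
  '(("constructed-secret-readonly" . (emacs-version buffer-list))
    ("constructed-secret-editor"   . (emacs-version buffer-list find-file-noselect)))
  "Alist of (SHARED-SECRET . ALLOWED-FUNCTION-SYMBOLS).")

(defun demo-rpc--secret-equal (a b)
  "Compare strings A and B without stopping at the first mismatch."
  (let ((diff (logxor (length a) (length b))))
    (dotimes (i (min (length a) (length b)))
      (setq diff (logior diff (logxor (aref a i) (aref b i)))))
    (zerop diff)))

(defun demo-rpc--allowed (secret)
  "Return the allowlist for SECRET, or nil if no entry matches."
  (let (found)
    (dolist (entry demo-rpc-access-levels found)
      (when (demo-rpc--secret-equal secret (car entry))
        (setq found (cdr entry))))))

(defun demo-rpc--literal-p (x)
  "Non-nil if X is data that needs no evaluation."
  (or (stringp x) (numberp x) (null x) (eq x t) (keywordp x)))

(defun demo-rpc-dispatch (secret request)
  "Run REQUEST, a string like \"(fn ARG...)\", under SECRET's access level.
The form is never passed to `eval'; the function is called with
literal arguments only if its symbol is on the allowlist."
  (let* ((allowed (demo-rpc--allowed secret))
         (form (car (read-from-string request)))
         (fn (car-safe form))
         (args (cdr-safe form)))
    (cond
     ((null allowed) (error "Unknown secret"))
     ((not (and fn (symbolp fn) (memq fn allowed)))
      (error "Function not permitted at this access level: %S" fn))
     ((not (and (proper-list-p args) (cl-every #'demo-rpc--literal-p args)))
      (error "Arguments must be literal atoms"))
     (t (apply fn args)))))
```

With these sample tables, `(demo-rpc-dispatch "constructed-secret-readonly" "(emacs-version)")` is served, while the same secret sending `"(find-file-noselect \"/tmp/x\")"` or any nested form such as `"(buffer-list (selected-frame))"` is rejected before anything is called.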



