<<< Date Index >>>     <<< Thread Index >>>

OT: gnuclient vs. emacsclient



Well, maybe not that OT, since we're discussing the best way of editing
messages with mutt.

At  8:22 AM PST on November 18 Allister MacLeod sent off:
> Hmm.. seems unfair that emacsclient doesn't let you pass -eval

Yes, *seems* that way, but the way I see it remote -eval without decent
authentication is a security risk.  Last I checked, gnuclient used xhost
type authentication instead of xauth type authentication.

I have not tried this, or heard of an exploit, but suppose another user
managed to gnuclient -eval some lisp code on your xemacs that opened up the
permissions of some files or some other nefarious thing.

emacsclient seems to only send files to emacs servers with the same UID, but
even if another user finds a way around that, sending files is merely
annoying, or at worst a DoS attack if the malicious user does it in a tight
loop.

Not a problem on a single user system, but some of the more interesting
applications of gnuclient, like editing messages on a different computer from
the one where you're running mutt, involve the network.