<<< Date Index >>>     <<< Thread Index >>>

Re: OT: gnuclient vs. emacsclient



On Tue, Nov 18 2003 at 03:43:46PM BRST, Rob Reid <kepler@xxxxxxx> wrote:
> Well, maybe not that OT, since we're discussing the best way of editing
> messages with mutt.

        I hope so :)

> At  8:22 AM PST on November 18 Allister MacLeod sent off:
> > Hmm.. seems unfair that emacsclient doesn't let you pass -eval
> 
> Yes, *seems* that way, but the way I see it remote -eval without decent
> authentication is a security risk.  Last I checked, gnuclient used xhost
> type authentication instead of xauth type authentication.

        Besides, gnuclient's -eval eval's the code for emacs "in general",
not for the buffer with the file you're going to edit. I tested it with the
function to go to the first empty line I posted yesterday. I affects the
focused buffer on the original window (for instance, *scratch*), not the
file you're about to edit.

        So, again, using auto-mode-alist is a much cleaner way to do it.

> I have not tried this, or heard of an exploit, but suppose another user
> managed to gnuclient -eval some lisp code on your xemacs that opened up the
> permissions of some files or some other nefarious thing.
> 
> emacsclient seems to only send files to emacs servers with the same UID, but
> even if another user finds a way around that, sending files is merely
> annoying, or at worst a DoS attack if the malicious user does it in a tight
> loop.
> 
> Not a problem on a single user system, but some of the more interesting
> applications of gnuclient, like editing messages on a different computer from
> the one where you're running mutt, involve the network.

        Very true.



                rbp
-- 
 Rodrigo Bernardo Pimentel                         <rbp@xxxxxxxxxxxx>
 http://isnomore.net                          GPG KeyId: <0x0DB14978>

Sleep is just a poor substitute for caffeine, anyway.
          -- Bob Lehmann