Re: OT: gnuclient vs. emacsclient
On Tue, Nov 18 2003 at 03:43:46PM BRST, Rob Reid <kepler@xxxxxxx> wrote:
> Well, maybe not that OT, since we're discussing the best way of editing
> messages with mutt.
I hope so :)
> At 8:22 AM PST on November 18 Allister MacLeod sent off:
> > Hmm.. seems unfair that emacsclient doesn't let you pass -eval
>
> Yes, *seems* that way, but the way I see it remote -eval without decent
> authentication is a security risk. Last I checked, gnuclient used xhost
> type authentication instead of xauth type authentication.
Besides, gnuclient's -eval eval's the code for emacs "in general",
not for the buffer with the file you're going to edit. I tested it with the
function to go to the first empty line I posted yesterday. I affects the
focused buffer on the original window (for instance, *scratch*), not the
file you're about to edit.
So, again, using auto-mode-alist is a much cleaner way to do it.
> I have not tried this, or heard of an exploit, but suppose another user
> managed to gnuclient -eval some lisp code on your xemacs that opened up the
> permissions of some files or some other nefarious thing.
>
> emacsclient seems to only send files to emacs servers with the same UID, but
> even if another user finds a way around that, sending files is merely
> annoying, or at worst a DoS attack if the malicious user does it in a tight
> loop.
>
> Not a problem on a single user system, but some of the more interesting
> applications of gnuclient, like editing messages on a different computer from
> the one where you're running mutt, involve the network.
Very true.
rbp
--
Rodrigo Bernardo Pimentel <rbp@xxxxxxxxxxxx>
http://isnomore.net GPG KeyId: <0x0DB14978>
Sleep is just a poor substitute for caffeine, anyway.
-- Bob Lehmann