
Re: Emacs RPC security


From: Daniel Colascione
Subject: Re: Emacs RPC security
Date: Mon, 25 Apr 2011 11:17:02 -0700
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

On 4/25/11 11:02 AM, Ted Zlatanov wrote:
> On Mon, 25 Apr 2011 14:35:49 -0300 Stefan Monnier <address@hidden> wrote: 
> SM> Ted wrote:
>>> 1) authentication: the server should be able to verify the client's
>>> identity and the client should be able to verify the server's identity.
>>> This can be accomplished with SSL certificates and GnuTLS or by signing
>>> each message.
> 
> SM> Using GnuTLS for the TCP connections could be a good idea as well:
> SM> patches welcome.
> 
> I will put server GnuTLS support in Emacs on my TODO list, but it will
> take a while.  I hope you consider it important.
> 
>>> 2) authorization: the server should be able to associate each client
>>> identity with only certain functions it can invoke directly.
> 
> SM> When such a need will arise, we will think about it.  In all the cases
> SM> I've seen until now, the Emacs server is only used by the same user as
> SM> the client, so there's not much point making the security structure
> SM> so complicated, right now.
> 
> Of course, since the security is so weak right now, no one is using it
> outside a limited one-user so you haven't seen any unusual cases.  I
> would use it personally as a remote password server so all my
> auth-source data doesn't live on all the machines I use.  I would also
> use it to implement a remote synchronization facility for Gnus and BBDB.

That's a fine goal, but you don't need to implement the requisite
security in Emacs proper.  stunnel will give you a secure channel and,
with client certificates, can authenticate both parties.  I'd prefer not
to have a GnuTLS server in Emacs right now.
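The stunnel arrangement suggested above, written out as an added example (it is not a configuration posted in this thread, nor a file shipped by Emacs or stunnel): two stunnel.conf files, one on the host running Emacs and one on each client machine. File paths, port numbers and the host name are assumptions; what matters is that Emacs itself listens only on loopback and that both tunnel ends set verify = 2, so each side must present a certificate the other side's CA signed.

```ini
; ---- /etc/stunnel/stunnel.conf on the host running Emacs (assumed path) ----
; Emacs is started with server-use-tcp t, server-host "127.0.0.1" and
; server-port 50000 (assumed values), so nothing on the network can reach
; the Emacs server except through this tunnel.
; Server certificate and private key (assumed path).
cert   = /etc/stunnel/emacs-server.pem
; CA that signs the client certificates (assumed path).
CAfile = /etc/stunnel/clients-ca.pem
; Level 2: a client certificate is REQUIRED and checked against CAfile.
; Leaving verify unset would accept any TLS client, i.e. no authentication.
verify = 2

[emacs-rpc]
; Port exposed to the network (assumed).
accept  = 0.0.0.0:50001
; Loopback port the Emacs server listens on.
connect = 127.0.0.1:50000

; ---- /etc/stunnel/stunnel.conf on each client machine (assumed path) ----
; emacsclient is pointed at 127.0.0.1:50000 and never sees the network.
client = yes
; This machine's certificate and private key (assumed path).
cert   = /etc/stunnel/laptop.pem
; CA that signed the server certificate (assumed path).
CAfile = /etc/stunnel/server-ca.pem
; Level 2 here makes the client validate the server's certificate as well,
; so both parties are authenticated before any RPC bytes flow.
verify = 2

[emacs-rpc]
accept  = 127.0.0.1:50000
; Host running Emacs (assumed name) and its stunnel port.
connect = emacs-host.example.org:50001
```

The server file that emacsclient reads (host, port and the per-session key) still has to be copied to each client; the key then travels only inside the tunnel.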
