[slime-devel] Re: Slime packaging in Debian
Thomas F. Burdick
tfb at OCF.Berkeley.EDU
Mon Feb 21 08:27:01 UTC 2005
Robert Marlow writes:
> On Sun, 2005-02-20 at 10:36 +0100, Luke Gorrie wrote:
> > 3. We should fix some authentication on the socket connection to
> > remove security considerations (if someone else connects to Lisp
> > before Emacs; see top of PROBLEMS file)
> > Thoughts?
> Good point on 3. The Debian security team may complain about that :) I
> think this could be fixed by generating something random with M-x SLIME
> and using it as a key for create-server. I can whack that together and
> submit a patch if that's all that's required.
I think this would be sufficient to solve the big gaping security
hole, and is probably the best portable solution. What would be even
nicer would be additional support for Unix-domain sockets. If
create-server could be passed a pathname specifier, or even an
existing socket, it would make administrative access to Lisp servers
nicer. Eg, I have a server running an SBCL image that's running both
Araneida and SWANK. It would be nice if SWANK listened on a socket
that only users in the webadmin group could connect to, instead of the
ugly ugly hack I have now.
More information about the slime-devel