[slime-devel] security and presentations

Matthias Koeppe mkoeppe+slime at mail.math.uni-magdeburg.de
Sat Sep 10 18:19:11 UTC 2005


Alan Ruttenberg <alanr-l at mumble.net> writes:

> I'm trying to understand where this would be a legitimate concern. The
> only situation I can imagine, given that you are in the repl already
> (and hence have full access to the lisp and emacs) is that you want to
> use slime to debug a potentially compromised lisp. In that case one
> could imagine whoever compromised the lisp waiting for you to connect
> with slime and then pounce on your emacs. Is that the situation you
> were thinking about Matthias?

Yes, exactly.  

If I connect to a compromised host by the FTP/TELNET/HTTP protocols,
it is not desirable that the host can have my machine execute
arbitrary code.  I don't see why it should be different (by design!)
if I connect to a compromised host by the SWANK protocol.

-- 
Matthias Köppe -- http://www.math.uni-magdeburg.de/~mkoeppe


