[slime-devel] security and presentations
Matthias Koeppe
mkoeppe+slime at mail.math.uni-magdeburg.de
Sat Sep 10 18:19:11 UTC 2005
Alan Ruttenberg <alanr-l at mumble.net> writes:
> I'm trying to understand where this would be a legitimate concern. The
> only situation I can imagine, given that you are in the repl already
> (and hence have full access to the lisp and emacs) is that you want to
> use slime to debug a potentially compromised lisp. In that case one
> could imagine whoever compromised the lisp waiting for you to connect
> with slime and then pounce on your emacs. Is that the situation you
> were thinking about Matthias?
Yes, exactly.
If I connect to a compromised host by the FTP/TELNET/HTTP protocols,
it is not desirable that the host can have my machine execute
arbitrary code. I don't see why it should be different (by design!)
if I connect to a compromised host by the SWANK protocol.
--
Matthias Köppe -- http://www.math.uni-magdeburg.de/~mkoeppe
More information about the slime-devel
mailing list