Open TauPan opened 10 years ago
Uhm, it just occurred to me that if chrome can't access the filesystem, it won't be able to access a unix domain socket either, which would make this impossible...
Indeed as you have noted.
However all is not lost. I'm hoping to get the edit-server ported to web-sockets at which point it would be simpler to add some sort of basic authentication to the process which could ameliorate the security issues. I'll have to check with @ahyatt if the emacs web-sockets can run over SSL.
Good news: web-sockets can run over SSL!
Bad news: It's only possible on emacs 24. I can't remember the reasons why it proved hard/impossible for emacs 23, but I can research it if needed.
@ahyatt well I guess we'll have to maintain two edit servers and make it an option in the Chrome extension which you use.
Could you just make the ssl part an option? In that case it is websockets either way, which should make the codebase easier to manage.
@ahyatt ahh I see, websockets works on Emacs 23 but just not with SSL? Yeah that would be better. I don't know if supporting Emacs 22 would be a worthy goal or not.
Yes, ssl is just for emacs 24, but non-ssl can work with emacs 23 and emacs 24. I haven't looked at emacs 22, so this stuff may work, it's just completely untested.
BTW, in general, I'm not sure how you would have ssl connections to Chrome. Chrome, to my knowledge, can't open a websocket itself, only connect to one. And websocket supports secure client-side connections, but not secure server-side connections. That may be beyond what emacs can handle (creating secure servers is generally kind of complicated and error-prone).
I've just discovered TextAid which solves this issue by simply implementing HTTP Basic Auth over localhost. This is what I'm using right now.
localhost (via loopback) solves the problem of snooping on the cable and basic auth solves the problem of unauthorized access (from coworkers etc.) via ssh. You only have to take care to store the authentication file securely (via unix file permissions or a similar mechanism).
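
The scheme described in the comment above, sketched as an added example (not TextAid's or edit-server's own code): a server bound to loopback only, HTTP Basic Auth checked in constant time, and a credential file that is rejected unless it is owned by the current user with no group/other access. The names `load_secret`, `authorized` and `make_server`, and the `user:password` file format, are assumptions made for this sketch.

```python
import base64, hmac, os, stat
from http.server import BaseHTTPRequestHandler, HTTPServer

def load_secret(path):
    """Read 'user:password', refusing a file that other local users could read."""
    st = os.stat(path)
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: group/other access set, expected mode 600")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()

def authorized(header, secret):
    """Constant-time check of an Authorization header against 'user:password'."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        supplied = base64.b64decode(header[6:], validate=True)
    except ValueError:  # malformed base64 or non-ASCII input
        return False
    return hmac.compare_digest(supplied, secret.encode("utf-8"))

def make_server(secret, port=0):
    """HTTP server bound to loopback only; port 0 lets the OS pick a free port."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            # Authenticate before reading any of the request body.
            if not authorized(self.headers.get("Authorization"), secret):
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="edit"')
                self.end_headers()
                return
            text = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            self.send_response(200)
            self.end_headers()
            self.wfile.write(text)  # placeholder: a real server hands text to the editor

        def log_message(self, *args):  # silence per-request logging in this sketch
            pass
    return HTTPServer(("127.0.0.1", port), Handler)
```

Binding to `127.0.0.1` does not keep other local accounts out, which is why the credential check and the file-mode check are both needed on a shared machine.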
Hi!
I'd like to use edit-with-emacs on a multi-user system (other valid users can log in via ssh). Since edit-server accepts connections via localhost by default, in principle every user on the network could hijack my emacs (e.g. by tunneling the appropriate port via ssh).
This makes it quite dangerous to use e.g. in school/university multi-user installations.
This could easily be prevented by listening on a unix domain socket in /tmp and setting its permissions to o600.
Cheers Friedel