help-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to communicate with a running external process with


From: Thorsten Jolitz
Subject: Re: How to communicate with a running external process with
Date: Wed, 24 Jul 2013 08:34:44 +0200
User-agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.3 (gnu/linux)

"Pascal J. Bourguignon" <pjb@informatimago.com> writes:

> Thorsten Jolitz <tjolitz@gmail.com> writes:
>> I did not mean Common Lisp, but there is a Swank implementation for my
>> Uncommon Lisp of interest, and it did not occur to me to consider it -
>> so thanks for this marvelous tip!
>
> So just loading swank in that other lisp, and starting a swank sever:
>
>     (swank:create-server :port 4005) ; in CL
>
> you can then connect to it from emacs with M-x slime-connect RET RET RET
>
> You can even do some kind of "RPC" (Remote Procedure Call) in both
> directions (trivial from slime, have a look at [1] to evaluate emacs lisp
> expressions from the other lisp).
>
> [1]: http://paste.lisp.org/display/22414

Thats nice.

One headache is the security aspect, though.

On
[[http://stackoverflow.com/questions/309440/lisp-in-a-box-why-is-it-starting-a-server][stackoverflow]]
someone asked the questions that came immediately to my mind too when
thinking about starting a swank-server from a Lisp process that runs a
long-running production webserver:

,-------------------------------------------------------------------------
| Slime was meant to interface with a Swank server, which allows for
| debugging and patching a live, long-running process on-the-fly, correct?
| Isn't this dangerous? I certainly wouldn't want to just write and
| execute code on-the-fly, on a production web server, potentially causing
| it all to crash. – Cybis Nov 21 '08 at 22:18 1
|         
| Furthermore, isn't this a security issue? Anyone could connect to the
| process and execute arbitrary LISP code. Why wouldn't there by some sort
| of authentication/authorization mechanism for this, if that's what swank
| was meant for? – Cybis Nov 21 '08 at 22:20
`-------------------------------------------------------------------------

There seems to be authentication via a slime-secret file, but otherwise a
connected user could execute arbitrary LISP code on the swank-server, right?

-- 
cheers,
Thorsten




reply via email to

[Prev in Thread] Current Thread [Next in Thread]