mdw@nsict.org (Mark Wooding) writes:
> SLIME is very cool; thanks.
> It's a shame it's not very secure, though. Below is a patch which addresses the two problems I've found:
Thanks Mark! I've applied this. We need to start experimenting with basic security features and it's handy to have it off by default.
We still have a /tmp file vulnerability though, right? I think an attacker could trick Emacs into connecting to the wrong port?
Erlang's authentication is like this except (a) if the secret file doesn't exist then it gets created with random contents and (b) instead of sending the password you send a challenge C and the other guy proves he knows the password by sending (md5 (concat C secret)). Keeping the secrets synchronized in that scheme can be a bit boring though.
Cheers, Luke
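
The challenge-response scheme described in the message above, as an added Python example (not code from the original message, SLIME, or Erlang). The file name and function names are hypothetical, and md5 is kept only because it is the hash the message names.

```python
import hashlib
import hmac
import os
import secrets
import tempfile


def load_or_create_secret(path):
    """Return the shared secret, creating the file with random contents if absent."""
    try:
        # O_EXCL: fail instead of reusing a file or symlink planted by someone else.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path, "rb") as f:
            return f.read().strip()
    secret = secrets.token_hex(16).encode()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    return secret


def new_challenge():
    """Fresh random challenge C; a new one per connection defeats replay."""
    return secrets.token_hex(16).encode()


def response(challenge, secret):
    """The proof from the message: md5(concat C secret)."""
    return hashlib.md5(challenge + secret).hexdigest()


def verify(challenge, secret, claimed):
    """Compare the peer's answer with the expected digest in constant time."""
    return hmac.compare_digest(response(challenge, secret), claimed)


def demo():
    """One exchange with constructed data: good peer, wrong secret, replayed answer."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "slime-secret")       # hypothetical file name
        server_secret = load_or_create_secret(path)  # first call creates the file
        client_secret = load_or_create_secret(path)  # second call reads it back
        c = new_challenge()                          # server -> client
        good = response(c, client_secret)            # client -> server
        bad = response(c, b"wrong-guess")
        replayed = verify(new_challenge(), server_secret, good)
        return verify(c, server_secret, good), verify(c, server_secret, bad), replayed


if __name__ == "__main__":
    print(demo())
```

The secret never crosses the wire, only the digest does, and an answer captured for one challenge fails against the next.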