Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!bloom-beacon!spdcc!ima!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.emacs
Subject: Re: Socket created by emacsclient server
Message-ID: <30663@think.UUCP>
Date: 8 Nov 88 20:04:47 GMT
References: <8811081614.AA18577@EDDIE.MIT.EDU>
Sender: news@think.UUCP
Reply-To: barmar@kulla.think.com.UUCP (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 28

In article <8811081614.AA18577@EDDIE.MIT.EDU> thakur%cfa201@HARVARD.HARVARD.EDU (Manavendra K. Thakur) writes:
>Is there anyone who can shed some light on how to delete this socket
>automatically (is there an equivalent of the .logout file for emacs)?
>It would be best to only create the socket as it was needed (i.e.
>only when emacs was called by the client), and then delete it as the
>when the client exits, but this may not be possible.

It's definitely not possible.  This socket is the mechanism by which
emacsclient invokes the emacs server.  The emacs server is constantly
waiting in the background for a message to come over the socket.

>With the recent virus attacks in mind, it seems that leaving this
>socket open could present a potential problem.

Leaving the socket open after emacs exits is not a problem, because
there's nobody listening to what anyone sends.  However, you did point
out that the access on the socket is 777, which is a security problem
while emacs IS running.  It means that anyone can cause your emacs
server to start editing a file; if emacsclient accepts -f and -l
arguments (I don't know offhand whether it does), it means that anyone
can cause your emacs process to execute arbitrary code.  I can't
imagine any reason why the access on the socket should be anything but
700.

Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar