Athenticated RPC #212
Comments
|
Yes, he is a great developer, but what's the link between Sly and Next?
Also what's the link with this issue in particular?
|
|
@Ambrevar I've briefly looked over it, looks good so far. The problem with this kind of code is that there's no obvious way of proving it correct, one would instead need to try hard to break it. |
|
Thanks @wasamasa!
This is only a temporary measure though, I'd like to replace the current RPC with
dbus as soon as possible. This way we would greatly reduce the attack
surface.
|
|
1.2.2 has just been released! I'll now move on to working on a proper dbus implementation. Thanks all for your contributions! |
|
If you are interested, you can check out the dbus-2 branch, it contains a fully-working implementation for gtk-webkit! I'm planning to merge tomorrow. |
|
OK, looks like the GTK port and the Lisp parts use it, but what about the Cocoa port? Does it still work after this change? If no, what changes would be needed to make it work again? Does DBus even stand a chance of running on macOS? |
|
Yes, DBus runs just fine on macOS, it will be part of the pyqt port which will become the new port for macOS due to limitations in the Cocoa Webkit Port |
In commits c4d6343 and dc96d84 @jgkamat implemented authentication of RPC messages to avoid remote execution exploits.
@wasamasa: I was told you had investigated this issue as well. Would you be interested in reviewing those commits before I release 1.2.2?
The text was updated successfully, but these errors were encountered: