Comment by ollien

Comment by ollien 11 hours ago

> Neovim’s server defaults to named pipes or domain sockets, which do not have this issue. The documentation states that the TCP option is insecure.

Good note on pipes / domain sockets, but it doesn't appear there's a "default", and the example in the docs even uses TCP, despite the warning below it.

https://neovim.io/doc/user/api.html#rpc-connecting

(EDIT: I guess outside of headless mode it uses a named pipe?)

> VS Code’s ssh daemon is authenticated.

How is it authenticated? I went looking briefly but didn't turn up much; obviously there's the ssh auth itself but if you have access to the remote, is there an additional layer of auth stopping anyone from executing code via the daemon?

mirashii 6 hours ago

> but it doesn't appear there's a "default"

From the page you linked: Nvim creates a default RPC socket at startup, given by v:servername.

You can follow the links on v:servername to read more about the startup process and figure out what that is, but tl;dr, it's a named pipe unless you override it.

Reply View 1 reply

ollien 3 hours ago

Yep yep, makes sense. I was thinking about it running in headless mode (i.e. with --listen)

Reply View | 0 replies

rs_rs_rs_rs_rs 9 hours ago

[flagged]

Reply View 0 replies