vim-hug-neovim-rpc icon indicating copy to clipboard operation
vim-hug-neovim-rpc copied to clipboard

Published 20 hours ago verified publisher icon roxma

alternative methods besides TCP

Open prabirshrestha opened this issue 8 years ago • 4 comments

The problem with TCP is that the port is exposed and a malicious app can listen and write to it. Are there plans to provide alternative protocol such as named pipes.

prabirshrestha avatar Feb 19 '17 19:02 prabirshrestha

Fair point.

This plugin currently supports neovim_rpc#jobstart, using stdin, stdout for the channel.

Looks like unix domain socket is a better option, as the v:servername on neovim. It seems named pipe needs to be created each time for each rpc connection

roxma avatar Feb 20 '17 01:02 roxma

Recently I have installed this to use deoplete. Just now I sudo vim some file, and suddenly realize that, if any of those highly-restricted services (mostly dedicated user, no root, no normal file system access) running on my machine actually do something terrible, my system will be pwned easily....

lilydjwg avatar Dec 20 '17 07:12 lilydjwg

It's sad that Vim doesn't support UNIX domain sockets :-(

lilydjwg avatar Dec 20 '17 07:12 lilydjwg

The commit https://github.com/roxma/vim-hug-neovim-rpc/commit/5a20db1f06a4b1bba5015881ffe218678d7ec085 enables unix socke based rpc server.

It seems it doesn't boost the time performance except for the security improvement.

Unfortunately there's still an internal vim server which is using tcp. It's hard to change this because :help ch_open only supports TCP.

roxma avatar Jul 30 '18 06:07 roxma