undefined | Better HN

0 pointsollien2mo ago0 comments

> Neovim’s server defaults to named pipes or domain sockets, which do not have this issue. The documentation states that the TCP option is insecure.

Good note on pipes / domain sockets, but it doesn't appear there's a "default", and the example in the docs even uses TCP, despite the warning below it.

https://neovim.io/doc/user/api.html#rpc-connecting

(EDIT: I guess outside of headless mode it uses a named pipe?)

> VS Code’s ssh daemon is authenticated.

How is it authenticated? I went looking briefly but didn't turn up much; obviously there's the ssh auth itself but if you have access to the remote, is there an additional layer of auth stopping anyone from executing code via the daemon?

0 comments

mirashii2mo ago

> but it doesn't appear there's a "default"

From the page you linked: Nvim creates a default RPC socket at startup, given by v:servername.

You can follow the links on v:servername to read more about the startup process and figure out what that is, but tl;dr, it's a named pipe unless you override it.

ollienOP2mo ago

Yep yep, makes sense. I was thinking about it running in headless mode (i.e. with --listen)

j / k navigate · click thread line to collapse