Comment by mirashii
2 days ago
Neovim’s server defaults to named pipes or domain sockets, which do not have this issue. The documentation states that the TCP option is insecure.
VS Code’s ssh daemon is authenticated.
2 days ago
Neovim’s server defaults to named pipes or domain sockets, which do not have this issue. The documentation states that the TCP option is insecure.
VS Code’s ssh daemon is authenticated.
> Neovim’s server defaults to named pipes or domain sockets, which do not have this issue. The documentation states that the TCP option is insecure.
Good note on pipes / domain sockets, but it doesn't appear there's a "default", and the example in the docs even uses TCP, despite the warning below it.
https://neovim.io/doc/user/api.html#rpc-connecting
(EDIT: I guess outside of headless mode it uses a named pipe?)
> VS Code’s ssh daemon is authenticated.
How is it authenticated? I went looking briefly but didn't turn up much; obviously there's the ssh auth itself but if you have access to the remote, is there an additional layer of auth stopping anyone from executing code via the daemon?
> but it doesn't appear there's a "default"
From the page you linked: Nvim creates a default RPC socket at startup, given by v:servername.
You can follow the links on v:servername to read more about the startup process and figure out what that is, but tl;dr, it's a named pipe unless you override it.
Yep yep, makes sense. I was thinking about it running in headless mode (i.e. with --listen)
[flagged]