IETF-SSH archive
Re: fds beyond 0/1/2
>>> Why is a global request needed?
>> It's not really _needed_. It is designed to allow the client to
>> probe for the presence of support earlier than the channel request
>> does.
> Why do you need to probe for that early?
Don't really _need_ to. I just would like to be able to error out of
the client early if the user specifies forwardings and the server
doesn't support them at all. It certainly would be a fairly small loss
to remove the global-request aspect of it entirely.
> And *if* you decide to do the channel association thing (rather than
> multiple data types on a single channel), consider how that mechanism
> works together with association of x11 channels with the
> corresponding session (lacking in the RFCs, but IIRC you have some
> alternative x11 messages of your own that do set this up more
> properly).
Right, I do. (And, actually, the RFC spec does permit it, by
shoehorning the relevant info into the unnecessary X11 cookie data.)
That's an interesting point; X11 connections, and for that matter
forwarded TCP connections, are something approaching prior art here. I
should try to take what hints I can from them.
> *** Security implications of unexpected fds ***
> [...]
Yes. Like any facility, this is one of the things that may need to be
restricted or eliminated for limited-access users. As long as the
protocol doesn't make it difficult or impossible somehow (which I don't
think any of the ideas so far do), this is just a
quality-of-implementation issue.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
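The probe-before-channel idea from this reply, as an added example that is not code from the thread or any of its participants: it encodes the RFC 4254 global-request exchange so a client can learn whether the server knows an extension before it opens any session channel. The request name "fd-forwarding@example.invalid" is a placeholder, since the thread never names the extension.

```python
"""RFC 4254 global-request probe (added example, not from the thread).
The request name below is a placeholder for an extension the thread
never names; the message numbers are the RFC 4254 values."""
import struct

SSH_MSG_GLOBAL_REQUEST = 80
SSH_MSG_REQUEST_SUCCESS = 81
SSH_MSG_REQUEST_FAILURE = 82

PROBE_NAME = b"fd-forwarding@example.invalid"  # hypothetical extension name


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Parse an RFC 4251 string at offset; reject a length past the end."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def build_probe(name: bytes = PROBE_NAME) -> bytes:
    """Client: global request with want_reply = TRUE, so the server must
    answer even when it does not recognise the request name."""
    return bytes([SSH_MSG_GLOBAL_REQUEST]) + ssh_string(name) + b"\x01"


def handle_global_request(payload: bytes, supported: frozenset):
    """Server: per RFC 4254, an unrecognised request gets REQUEST_FAILURE
    when want_reply is set and no reply at all when it is not."""
    if not payload or payload[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not a global request")
    name, off = read_string(payload, 1)
    if off >= len(payload):
        raise ValueError("missing want_reply")
    want_reply = payload[off] != 0
    if not want_reply:
        return None
    ok = name in supported
    return bytes([SSH_MSG_REQUEST_SUCCESS if ok else SSH_MSG_REQUEST_FAILURE])


def client_may_proceed(reply) -> bool:
    """Client: open forwarding channels only after REQUEST_SUCCESS;
    anything else means error out before any session channel is opened."""
    return reply is not None and reply[0] == SSH_MSG_REQUEST_SUCCESS
```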