Before 6d74978 and 44b35f7 anyone* could connect to a running fish_config server and send code to (e.g.) set_prompt, which is obviously bad.
That's been clamped down to localhost-only now, which helps, but it's still possible for someone on your local machine to wait for you to start fish_config and then talk to the server.
There's a perfect API for verifying who is on the other end of a local IP/IPv6 socket - getpeerucred(3). Unfortunately, it's only available on Solaris.
We could include an authentication key in the URL, but that could be read from the command line.
Before 6d74978 and 44b35f7 anyone* could connect to a running fish_config server and send code to (e.g.) set_prompt, which is obviously bad.
That's been clamped down to localhost-only now, which helps, but it's still possible for someone on your local machine to wait for you to start fish_config and then talk to the server.
There's a perfect API for verifying who is on the other end of a local IP/IPv6 socket - getpeerucred(3). Unfortunately, it's only available on Solaris.
We could include an authentication key in the URL, but that could be read from the command line.