[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#30912: emacs as a route to privilege escalation
|
From: |
Richard Stallman |
|
Subject: |
bug#30912: emacs as a route to privilege escalation |
|
Date: |
Sat, 24 Mar 2018 14:15:28 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> It seems to be pure nonsense. You can't edit root's ~/.emacs without
> root privilege.
In principle, that should be the case, but sometimes it isn't.
Basically, it is true if the kernel has no bugs.
However, the kernel often does have a bug which can
be used for "privilege escalation." When such an exploit
is available, problems in user programs can be used to take
control of the computer.
But this does not require a add-on. Bugs in programs that
display files obtained over the web, even files that are not
supposed to contain code at all, can be used to do this.
It is a real problem.
--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.