emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing a privilege escalation

From: Richard Stallman
Subject: Re: Closing a privilege escalation
Date: Thu, 26 Apr 2018 17:01:34 -0400 
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > And this exploit code could just as well not wait to be run as root and
  > instead install a key-logger on `sudo`, after which the attacker can
  > `sudo` to run any code it wants.

Maybe it is possible to figure out ways to make it impossible to set
up a phony sudo command.  But that would require several new security
features.  I don't know whether such features are possible or not.

It would be worth studying, but it isn't related to Emacs.

So I guess we can forget about trying to solve the rewritten .emacs
problem.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]