bug-gnu-emacs

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num


From: Eli Zaretskii
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Fri, 18 Dec 2015 12:46:26 +0200

> From: Demetri Obenour <address@hidden>
> Date: Fri, 18 Dec 2015 05:05:09 -0500
> 
> 
> 1. Be logged into the same Windows computer as someone else.
> 2. Have a process running that is notified whenever a process starts up.
> 3. Have them run `emacs --daemon' or invoke `server-start'.
> 4. Use the knowledge of the current time and the server's PID to guess
>    the authentication key.
> 5. Connect to the other user's Emacs server.
> 6. Execute arbitrary code with the other user's privileges.

Please provide the necessary details for reproducing this problem and
verifying the solution.  What I'm missing:

> 1. Be logged into the same Windows computer as someone else.

How do you do that?  I understand you are describing a situation where
2 users are logged into the same Windows system simultaneously using
the same credentials, is that true?  If so, how to create such a
situation?

> 2. Have a process running that is notified whenever a process starts up.
> 3. Have them run `emacs --daemon' or invoke `server-start'.
> 4. Use the knowledge of the current time and the server's PID to guess
>    the authentication key.

I don't think we use the current time and PID for that, but even if we
do, how do you get a hold of the time at the moment of the server
creation to nanosecond resolution?  Please tell how to do that.

Thanks.




