bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

From: Richard Copley
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Tue, 29 Dec 2015 21:22:55 +0000

>> [...]
> That's correct (it requires a Windows Server with enabled terminal
> services), but each user session has of course its own process space, so
> I don't see how the described attack could work there.

Not sure what you mean by process space. As an unprivileged user
you can find other users' Emacs processes without any effort (using
tasklist.exe, for example). If you know on what port an Emacs server
is listening (which is admittedly a difficulty), you can send bytes to it.
I've just done so as an experiment. (I was driving both sessions so I
knew the server port.)

I haven't reproduced the whole attack scenario and I don't pretend
to know whether it could work. I don't claim any expertise in software
security. I just wanted to help out by answering Eli's questions.

To get back to the OP's main point, given that we already go to the
trouble of creating this secret, it wouldn't hurt to do it better (on all
systems, for preference). On Windows it really doesn't seem hard.
Sorry, no patch, for legal reasons, but there's a simple example on
the MSDN page for CryptGenRandom.
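
An added illustration of the suggestion above (not code from this message, from the MSDN page, or from Emacs): a C routine that fills a shared secret from the operating system's CSPRNG, using CryptGenRandom on Windows and /dev/urandom elsewhere. The function names, the 64-character length and the printable-ASCII alphabet are assumptions made for the example.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with advapi32 */
#endif

#define KEY_LEN 64      /* assumed length, not taken from the thread */

/* Fill buf with len bytes from the OS CSPRNG; returns 0 on success. */
static int os_random(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    HCRYPTPROV prov;
    /* CRYPT_VERIFYCONTEXT: no key container needed, we only want random bytes */
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT))
        return -1;
    BOOL ok = CryptGenRandom(prov, (DWORD)len, buf);
    CryptReleaseContext(prov, 0);
    return ok ? 0 : -1;
#else
    /* Non-Windows path so the example also runs elsewhere */
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
#endif
}

/* Write KEY_LEN printable characters ('!'..'~', 94 values) plus a NUL.
   Bytes >= 188 (2 * 94) are discarded so each character is equally likely. */
int make_auth_key(char key[KEY_LEN + 1])
{
    size_t filled = 0;
    while (filled < KEY_LEN) {
        unsigned char pool[128];
        if (os_random(pool, sizeof pool) != 0)
            return -1;  /* fail closed: no fallback to rand() or the clock */
        for (size_t i = 0; i < sizeof pool && filled < KEY_LEN; i++)
            if (pool[i] < 188)
                key[filled++] = (char)('!' + pool[i] % 94);
    }
    key[KEY_LEN] = '\0';
    return 0;
}

int main(void)
{
    char key[KEY_LEN + 1];
    return make_auth_key(key) == 0 ? (puts(key), 0) : 1;
}
```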
