bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28618: Emacs Security Issue


From: John Wiegley
Subject: bug#28618: Emacs Security Issue
Date: Wed, 27 Sep 2017 08:44:34 -0700
User-agent: Gnus/5.130016 (Ma Gnus v0.16) Emacs/26.0 (darwin)

>>>>> "DA" == Dor Azouri <address@hidden> writes:

DA> In short, a malicious actor that can execute code as one of the sudoers
DA> (in non-elevated mode), can edit the init file, and add malicious commands
DA> to it. Then he needs to wait for that user to invoke the editor in
DA> elevated mode - and the plugin that was written before, will be loaded
DA> with the root permissions.

If the user has sudo access to run Emacs, isn't the game already over? They
could M-x shell and rm -fr /, no?

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2





reply via email to

[Prev in Thread] Current Thread [Next in Thread]