bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28618: Emacs Security Issue


From: Noam Postavsky
Subject: bug#28618: Emacs Security Issue
Date: Thu, 28 Sep 2017 07:25:32 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux)

tags 28618 + unreproducible
quit

Dor Azouri <address@hidden> writes:

> Reproduction steps:
> ===================
> 1)  Add the following ELisp line of code to the init file. It will be
> loaded on startup and execute the command “touch /stub.file”, when “~
> /.emacs.d/” is the working directory.
>         (let ((default-directory "~/.emacs.d/")) (shell-command
> "touch /stub.file"))
> 2)  Wait for the user to invoke Emacs in elevated mode. The owner of
> the newly created stub file is root.

As Glenn noted, this doesn't actually work: 'sudo emacs' uses
/root/.emacs, not ~/.emacs.

~$ sudo id
uid=0(root) gid=0(root) groups=0(root)
~$ echo '(let ((default-directory "~/.emacs.d/")) (shell-command "touch 
/stub.file"))' > .emacs
~$ emacs # *Messages* has "touch: cannot touch '/stub.file': Permission denied"
~$ ls /stub.file
ls: cannot access '/stub.file': No such file or directory
~$ sudo emacs
~$ ls /stub.file
ls: cannot access '/stub.file': No such file or directory







reply via email to

[Prev in Thread] Current Thread [Next in Thread]