bug#28618: Emacs Security Issue

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28618: Emacs Security Issue

From:	Noam Postavsky
Subject:	bug#28618: Emacs Security Issue
Date:	Thu, 05 Oct 2017 22:23:37 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux)

retitle 28618 Emacs respects $HOME, even when user is root
tags 28618 + wontfix
quit

Dor Azouri <dor.azouri@safebreach.com> writes:

> Thanks for checking this problem.
> I am convinced by the comments that this is not a pure Emacs issue,
> though a step can still be taken to help users protect from this
> abuse.
>
> For example, Notepad++ on Windows does not load user plugins (located
> in AppData) when run as Administrator - unless an Administrator
> explicitly puts a specific file in the protected installation
> directory ("allowAppDataPlugins.xml").

It could be different for Windows, but for GNU/Linux I think the
previous messages already explained why this doesn't actually protect
anything.  The user can still get the behaviour they like by setting the
appropriate sudo option.  I don't see why Emacs should override that.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#28618: Emacs Security Issue, Dor Azouri, 2017/10/01
- bug#28618: Emacs Security Issue, Noam Postavsky <=

Prev by Date: bug#28658: 27.0.50; [PATCH] double/triple clicking in xterm-mouse-mode doesn't respect mouse position
Next by Date: bug#28623: 27.0.50; lisp/progmodes/cc-engine.el incorrect indentation of C++14 curly-brace initializer list
Previous by thread: bug#28618: Emacs Security Issue
Next by thread: bug#28656: 26.0.60; hl-line-mode causes jittery point movement in terminal
Index(es):
- Date
- Thread