[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30912: emacs as a route to privilege escalation

From: Lars Ingebrigtsen
Subject: bug#30912: emacs as a route to privilege escalation
Date: Fri, 23 Mar 2018 00:57:49 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

"Nelson H. F. Beebe" <address@hidden> writes:

> The SANS security list today carried a pointer to this Web site:
>       Abusing Text Editors with Third-party Plugins
>       March 15, 2018
>       Dor Azouri 
> https://safebreach.com/Post/Abusing-Text-Editors-with-Third-party-Plugins
> It links to an 11-page report of the same title at
>       https://go.safebreach.com/rs/535-IXZ-934/images/Abusing_Text_Editors.pdf
> Do emacs developers wish to respond to the security attacks described
> there?

To save people time, I've included the Emacs-relevant bits below.

It seems to be pure nonsense.  You can't edit root's ~/.emacs without
root privilege.


Emacs executes its init file when it loads, and that’s where a user can add key 
bindings, define functions, and call external
commands. It contains personal EmacsLisp code that will be executed when Emacs 
starts. This file is located in one of the
following locations:
For GnuEmacs, it is ~/.emacs or _emacs or ~/.emacs.d/init.el.
For XEmacs, it is ~/.xemacs or ~/.xemacs/init.el.
For AquamacsEmacs, it is ~/.emacs or ~/Library/Preferences/Aquamacs 
All you have to do is add this ELisp line of code to the 
init file
. It will execute the command “touch /stub.file”, when “~/
emacs.d/” is the working directory.
 (let ((
 "~/.emacs.d/")) (shell-command "
touch /stub.file
And the privilege escalation objective is possible here as well, because 
surprisingly, this init file can be edited without root 

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]