[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing a privilege escalation

From: Paul Eggert
Subject: Re: Closing a privilege escalation
Date: Wed, 25 Apr 2018 10:55:06 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 04/25/2018 10:09 AM, Stefan Monnier wrote:
$HOME should point to a directory which is only writable
by users of higher-or-equal privilege-level.

It's not just $HOME, though, right? It's also EMACSLOADPATH, EMACSPATH, ESHELL, HISTFILE, or anything else specifying where Emacs should get code or data from or send information to. (Oh, and don't forget my favorite environment variable TZ. :-) If Emacs is serious about not trusting sudo, then every file and directory specified by any of these would need to be vetted.

Also, to be safe shouldn't Emacs check ownership and permissions not only of each file and directory, but also of all those files' ancestors? For example, it won't help that /home/whatever is owned by root, if /home itself is owned by baduser.

And suppose the user is 'eggert' and the directory /usr/share/emacs/site-lisp (or whatever) is owned by user 'bin' - in that case, how should Emacs determine that 'bin' is a user of "higher-or-equal privilege level"?

We do have to be careful of mission creep here. Emacs is supposed to be a user-level application and setup security is supposed to be sudo's job.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]