[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing a privilege escalation

From: Lars Ingebrigtsen
Subject: Re: Closing a privilege escalation
Date: Thu, 26 Apr 2018 09:52:34 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Lars Ingebrigtsen <address@hidden> writes:

> Richard Stallman <address@hidden> writes:
>> The discussion reached the conclusion that the problem is real, even
>> with recent GNU/Linux systems.  We have not fixed it.
> I thought the discussion concluded that a sudo user can do anything
> (like put stuff in root's ~/.bashrc), and that this isn't something that
> Emacs should worry about.

Oh, I see: The sploit here is that somebody has access to a user's
account, but doesn't know what the user's password is?  So they place
something in the user's .emacs file that'll be run after the user does a
sudo and then starts Emacs as root?

Sounds kinda cumbersome when the attacker could just install a keylogger
for the user and so on...

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]