[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Closing a privilege escalation
|
From: |
Richard Stallman |
|
Subject: |
Re: Closing a privilege escalation |
|
Date: |
Thu, 26 Apr 2018 17:05:23 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I thought the discussion concluded that a sudo user can do anything
> (like put stuff in root's ~/.bashrc), and that this isn't something that
> Emacs should worry about.
A sudo-capable user can do all sorts of bad things while sudoing,
but that's not what we are talkin about.
Here the issue is what malicious code can do, while that user is NOT sudoing,
to arrange to take advantage later. One way is by editing .emacs
so that it will do something bad next time the user runs Emacs under sudo.
Unfortunately, it seems there are many ways the code could do that,
which do not work by editing .emacs. So trying to block that avenue
is ineffective.
--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.
Re: Closing a privilege escalation, Davis Herring, 2018/04/25
Re: Closing a privilege escalation, Glenn Morris, 2018/04/25