[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacsclient socket ownership

From: Yuri Khan
Subject: Re: emacsclient socket ownership
Date: Fri, 2 Nov 2018 23:53:03 +0700

On Fri, Nov 2, 2018 at 10:39 PM Stefan Monnier <address@hidden> wrote:
> > It checks if the socket is owned by the same user (function socket_status).
> > If the user is root, however, this check is ignored (master emacsclient
> > line 1370). Is this not a security issue? Any user can create a socket
> > /tmp/emacs0/server, and root emacsclient will use it.
> Sounds like a security issue, yes: root may end up talking to some other
> user's Emacs.

Talking, in and of itself, is not a vulnerability. Can the limited
user’s server.el actually entice the root’s emacsclient to do
something that user would not be able to do?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]