Re: emacsclient socket ownership

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacsclient socket ownership

From:	Yuri Khan
Subject:	Re: emacsclient socket ownership
Date:	Fri, 2 Nov 2018 23:53:03 +0700

On Fri, Nov 2, 2018 at 10:39 PM Stefan Monnier <address@hidden> wrote:
>
> > It checks if the socket is owned by the same user (function socket_status).
> > If the user is root, however, this check is ignored (master emacsclient
> > line 1370). Is this not a security issue? Any user can create a socket
> > /tmp/emacs0/server, and root emacsclient will use it.
>
> Sounds like a security issue, yes: root may end up talking to some other
> user's Emacs.

Talking, in and of itself, is not a vulnerability. Can the limited
user’s server.el actually entice the root’s emacsclient to do
something that user would not be able to do?

[Prev in Thread]

Current Thread

[Next in Thread]

emacsclient socket ownership, Glenn Morris, 2018/11/01
- Re: emacsclient socket ownership, Stefan Monnier, 2018/11/02
  - Re: emacsclient socket ownership, Yuri Khan <=
    - Re: emacsclient socket ownership, Stefan Monnier, 2018/11/02
    - Re: emacsclient socket ownership, Paul Eggert, 2018/11/02
    - Re: emacsclient socket ownership, Stefan Monnier, 2018/11/02
    - Re: emacsclient socket ownership, Paul Eggert, 2018/11/02
  - Re: emacsclient socket ownership, Glenn Morris, 2018/11/04
    - Re: emacsclient socket ownership, Paul Eggert, 2018/11/05
    - Re: emacsclient socket ownership, Stefan Monnier, 2018/11/05
    - Re: emacsclient socket ownership, Paul Eggert, 2018/11/05
    - Re: emacsclient socket ownership, Daniel Pittman, 2018/11/06
    - Re: emacsclient socket ownership, Stefan Monnier, 2018/11/06

Prev by Date: Re: copyright assignment for changes to the Eglot package
Next by Date: Re: emacsclient socket ownership
Previous by thread: Re: emacsclient socket ownership
Next by thread: Re: emacsclient socket ownership
Index(es):
- Date
- Thread