[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacsclient socket ownership

From: Stefan Monnier
Subject: Re: emacsclient socket ownership
Date: Fri, 02 Nov 2018 14:49:45 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

> Talking, in and of itself, is not a vulnerability. Can the limited
> user’s server.el actually entice the root’s emacsclient to do
> something that user would not be able to do?

Right, the problem is not really that the other end of the socket
belongs to another user, but that the other end may be something else
than intended (e.g. it could be some unsuspecting daemon running as
root: the attacker just made the root user send "garbage" to that
daemon which may lead to exploiting a vulnerability in the daemon).

I agree that the problem may not be the most threatening there is if you
consider random attackers trying to exploit vulnerabilities anywhere
they can, but if you consider an attacker aiming at a particular user
and able to adjust its attack based on knowledge of the user's usage
pattern, I'm sure we can come up with scenarios where this problem can
be exploited.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]