[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudo:: method in tramp possible security issue

From: Michael Albinus
Subject: Re: sudo:: method in tramp possible security issue
Date: Tue, 20 Nov 2018 23:16:52 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1.90 (gnu/linux)

Paul Eggert <address@hidden> writes:

> Is there a simple way to configure Emacs so that it does not use this
> sudo (or sudoedit) feature of Tramp? If not, perhaps there should be
> one.

Remove the corresponding entries from tramp-methods. Something like

(setq tramp-methods (delete (assoc "sudo" tramp-methods) tramp-methods))

Same for "su", and "sudoedit" (once it is added to Tramp). However,
"sudoedit" is intented to just read a file, and save the respective
buffer. No interactive shell under the hood, no backup files, no remote
processes - nothing else but file reading and buffer saving. The idea is
to use a proper emacsclient call for this.

> I long ago put (setq tramp-mode nil) into my ~/.emacs file because of
> security concerns, so I wouldn't need to selectively disable sudo
> myself. But perhaps others who are less concerned about security (but
> still somewhat concerned) might want it.
> Come to think of it, if 'emacs -Q' enables Tramp by default then
> perhaps I should stop using 'emacs -Q'....

Tramp manifests itself via autoloads. They are still active when running
'emacs -Q'.

Tramp does already some actions when it detects that emacs has started
with "-Q". For example, it doesn't read the persistency file
"~/.emacs.d/tramp". We could extend this mechanism.

Best regards, Michael.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]