[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How do I report security issue?

From: Kenneth Wyatt
Subject: How do I report security issue?
Date: Sun, 11 Jul 2021 19:18:00 +1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

Hi guys,

I found a very simple way to get sudo/root shell in Emacs without passing a password check for launching the shell. While it does rely on actions by a user who does know the sudo password, once these actions are taken, an unattended terminal can be used to gain full sudo shell session with (from what I can tell) no timeout on one's ability to do so.

Unsure exactly where to report this as the public bugtracker seems inappropriate even if reporting it seems unlikely to result in widespread in-the-wild use.

It's totally possible this is also "as intended" behaviour, but that seems unlikely, and if it is, I think changing the default behaviour would be the responsible thing to do. I'm sure I'm not the first person to discover this, but an admittedly cursory search didn't turn up discussion online.

Could someone direct me where to report the replication steps in a responsible manner?

Thanks so much,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]