bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num
From: David Engster
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Tue, 29 Dec 2015 21:00:55 +0100
User-agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.5 (gnu/linux)

Richard Copley writes:
> On 29 December 2015 at 16:21, Eli Zaretskii <eliz@gnu.org> wrote:
>>> Date: Tue, 29 Dec 2015 15:36:12 +0000
>>> From: Richard Copley <rcopley@gmail.com>
>>>
>
>>> > Please provide the necessary details for reproducing this problem and
>>> > verifying the solution. What I'm missing:
>>> >
>>> > > 1. Be logged into the same Windows computer as someone else.
>>> >
>>> > How do you do that? I understand you are describing a situation where
>>> > 2 users are logged into the same Windows system simultaneously using
>>> > the same credentials, is that true? If so, how to create such a
>>> > situation?
>>>
>>> I don't think that is possible; however, two /different/ accounts can
>>> be logged in to a computer at the same time, via Remote Desktop or
>>> Fast User Switching.
>>
>> Logging in via Remote Desktop usurps the system, AFAIK. So these
>> possibilities are not relevant to the issue at hand.
>
> That is definitely not correct. In some configurations several users
> can connect via remote desktop. I do this every day. It /might/ be
> necessary to have a "Professional" and/or Server edition of Windows.
> A licensed Terminal Server supports dozens of sessions at once.

That's correct (it requires a Windows Server with enabled terminal
services), but each user session has of course its own process space, so
I don't see how the described attack could work there.

-David