bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

[Richard Copley]

>> [...]
>
> That's correct (it requires a Windows Server with enabled terminal
> services), but each user session has of course its own process space, so
> I don't see how the described attack could work there.

Not sure what you mean by process space. As an unprivileged user
you can find other users' Emacs processes without any effort (using
tasklist.exe, for example). If you know on what port an Emacs server
is listening (which is admittedly a difficulty), you can send bytes to it.
I've just done so as an experiment. (I was driving both sessions so I
knew the server port.)

I haven't reproduced the whole attack scenario and I don't pretend
know whether it could work. I don't claim any expertise in software
security. I just wanted to help out by answering Eli's questions.

To get back to the OP's main point, given that we already go to the
trouble of creating this secret, it wouldn't hurt to do it better (on all
systems, for preference). On Windows it really doesn't seem hard.
Sorry, no patch, for legal reasons, but there's a simple example on
the MSDN page for CryptGenRandom.