bug#28618: Emacs Security Issue

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28618: Emacs Security Issue

From:	John Wiegley
Subject:	bug#28618: Emacs Security Issue
Date:	Wed, 27 Sep 2017 08:44:34 -0700
User-agent:	Gnus/5.130016 (Ma Gnus v0.16) Emacs/26.0 (darwin)

>>>>> "DA" == Dor Azouri <dor.azouri@safebreach.com> writes:

DA> In short, a malicious actor that can execute code as one of the sudoers
DA> (in non-elevated mode), can edit the init file, and add malicious commands
DA> to it. Then he needs to wait for that user to invoke the editor in
DA> elevated mode - and the plugin that was written before, will be loaded
DA> with the root permissions.

If the user has sudo access to run Emacs, isn't the game already over? They
could M-x shell and rm -fr /, no?

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

[Prev in Thread]

Current Thread

[Next in Thread]

bug#28618: Emacs Security Issue, Dor Azouri, 2017/09/27
- bug#28618: Emacs Security Issue, John Wiegley <=
  - bug#28618: Emacs Security Issue, Dor Azouri, 2017/09/27
- bug#28618: Emacs Security Issue, Andreas Schwab, 2017/09/27
- bug#28618: Emacs Security Issue, Glenn Morris, 2017/09/27
  - bug#28618: Emacs Security Issue, Glenn Morris, 2017/09/27
- bug#28618: Emacs Security Issue, Noam Postavsky, 2017/09/28
  - bug#28618: Emacs Security Issue, Dor Azouri, 2017/09/29
    - bug#28618: Emacs Security Issue, Noam Postavsky, 2017/09/29
    - bug#28618: Emacs Security Issue, Glenn Morris, 2017/09/29
    - bug#28618: Emacs Security Issue, Noam Postavsky, 2017/09/29

Prev by Date: bug#28620: Mouse drag event records wrong window for release when crossing frames
Next by Date: bug#28618: Emacs Security Issue
Previous by thread: bug#28618: Emacs Security Issue
Next by thread: bug#28618: Emacs Security Issue
Index(es):
- Date
- Thread