bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28618: Emacs Security Issue

From: Dor Azouri
Subject: bug#28618: Emacs Security Issue
Date: Sun, 01 Oct 2017 15:27:58 +0000
Thanks for checking this problem.
I am convinced by the comments that this is not a pure Emacs issue, though a step can still be taken to help users protect from this abuse.

For example, Notepad++ on Windows does not load user plugins (located in AppData) when run as Administrator - unless an Administrator explicitly puts a specific file in the protected installation directory ("allowAppDataPlugins.xml").

Best,
Dor Azouri


On Sat, Sep 30, 2017 at 1:55 AM Noam Postavsky <npostavs@users.sourceforge.net> wrote:
tags 28618 - unreproducible
tags 28618 + notabug
quit

Glenn Morris <rgm@gnu.org> writes:

> On some systems, sudo may preserve HOME by default. Or it may be
> optional behaviour with "sudo -E" (eg on Debian 8, it seems).

Ah, that explains the discrepancy then (it's the same with Debian 9,
which I'm using here).

> Ref eg
>
> https://security.stackexchange.com/questions/18369/issues-with-preserving-home-on-sudo
>
> As it stands, I don't think this is an Emacs issue.

I agree.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]