sudo access is not required to edit the init file.
The only requirement is that the user is a sudoer (a user that’s in
/etc/sudoers). It is different: a sudoer is a user that is able to elevate
to root after entering root password, it doesn't mean that it is always
doing things as root. Such a user still needs to explicitly "sudo" for
elevated commands (similar to "Run As Administrator" or UAC in Windows).

So what I identified here is that such a user can be used by an attacker to
edit the init file without elevating, even though the same file will be
loaded when elevating the editor.
The flow: after inserting malicious commands to the init script, all the
attacker has to do is wait for the user to elevate Emacs at some point
(under the assumption that the user will at some point elevate Emacs, which
may not always be true). The malicious commands will be run as root.

On Wed, Sep 27, 2017 at 6:44 PM John Wiegley <jwiegley@gmail.com> wrote:

> >>>>> "DA" == Dor Azouri <dor.azouri@safebreach.com> writes:
>
> DA> In short, a malicious actor that can execute code as one of the sudoers
> DA> (in non-elevated mode), can edit the init file, and add malicious
> commands
> DA> to it. Then he needs to wait for that user to invoke the editor in
> DA> elevated mode - and the plugin that was written before, will be loaded
> DA> with the root permissions.
>
> If the user has sudo access to run Emacs, isn't the game already over? They
> could M-x shell and rm -fr /, no?
>
> --
> John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
> http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2
>