GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems


Package: emacs;

Reported by: Demetri Obenour <demetriobenour <at> gmail.com>

Date: Fri, 18 Dec 2015 10:09:01 UTC

Severity: normal

Tags: security

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Message #11 received at 22202 <at> debbugs.gnu.org (full text, mbox):

From: Richard Copley <rcopley <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>, Demetri Obenour <demetriobenour <at> gmail.com>,
 22202 <at> debbugs.gnu.org
Subject: Re: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to
 random number generator attack on Windows systems
Date: Tue, 29 Dec 2015 15:36:12 +0000

> Please provide the necessary details for reproducing this problem and
> verifying the solution.  What I'm missing:
>
> > 1. Be logged into the same Windows computer as someone else.
>
> How do you do that?  I understand you are describing a situation where
> 2 users are logged into the same Windows system simultaneously using
> the same credentials, is that true?  If so, how to create such a
> situation?

I don't think that is possible; however, two /different/ accounts can
be logged in to a computer at the same time, via Remote Desktop or
Fast User Switching. (If the computer is a Remote Desktop server then
two users can be simultaneously interacting with their desktops, in
separate sessions. That's not at all uncommon in a business
environment, but I don't think it's relevant to this question.)

> > 2. Have a process running that is notified whenever a process starts up
> > 3. Have them run `emacs --daemon' or invoke `server-start'.
> > 4. Use the knowledge of the current time and the server's PID to guess
> >    the authentication key.
>
> I don't think we use the current time and PID for that, but even if we
> do, how do you get a hold of the time at the moment of the server
> creation to nanosecond resolution?  Please tell how to do that.

We use function "random" (see function "server-generate-key"); its
seed is typically set at startup using the current time and PID (see
"init_random()" in sysdep.c), so it's the time Emacs started that you
would want to know, not the time the server started. You can get the
start time (to the nearest second at least) and PID of any user's
processes using, e.g., Process Explorer.

I'm not sure what resolution timestamp we end up using as the seed.
gettime() might return microsecond timestamps in certain configurations.

I can't speak for Demetri but it seems to me he's imagining an attacker
who is prepared to use a certain amount of brute force. Knowing or
guessing the Emacs start time within a few seconds would reduce the
search space.
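As an added illustration (not code from the bug report, from Richard Copley, or from Emacs itself): a small Python model of the weakness described above, with the hardened alternative beside it. The seed derivation (start time in seconds XORed with the PID), the 64-character printable-ASCII key format and all function names are assumptions that approximate what the thread describes, not Emacs's actual implementation. The point it demonstrates is that a key drawn from a PRNG seeded only with time and PID is fully determined by those two values, so its effective entropy is bounded by how well an observer can bound the seed, however long the key string is; a key drawn from the OS CSPRNG has no such dependency.

```python
"""Weak vs. strong authentication-key generation (constructed model).

The seed formula and key format below are assumptions that approximate
the Emacs 24.5 behaviour described in the thread; they are not Emacs code.
"""
import math
import random
import secrets

KEY_LENGTH = 64
# Printable ASCII '!'..'~', 94 characters. Assumed key alphabet.
KEY_ALPHABET = "".join(chr(c) for c in range(33, 127))


def weak_seed(start_time: int, pid: int) -> int:
    """Assumed seed derivation: process start time (seconds) XOR PID."""
    return start_time ^ pid


def weak_generate_key(start_time: int, pid: int) -> str:
    """Key from a deterministic PRNG seeded only with start time and PID.

    Identical inputs always produce the identical key, so the key carries
    no more entropy than the seed, regardless of KEY_LENGTH.
    """
    rng = random.Random(weak_seed(start_time, pid))
    return "".join(KEY_ALPHABET[rng.randrange(len(KEY_ALPHABET))]
                   for _ in range(KEY_LENGTH))


def strong_generate_key() -> str:
    """Key from the OS CSPRNG; independent of time, PID and process state."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(KEY_LENGTH))


def seed_entropy_bits(time_window_seconds: int, pid_candidates: int) -> float:
    """Upper bound (bits) on an observer's uncertainty about the weak seed.

    If the start time is known to within `time_window_seconds` and the PID
    to within `pid_candidates` values, at most
    time_window_seconds * pid_candidates distinct seeds are possible.
    """
    return math.log2(time_window_seconds * pid_candidates)


def nominal_key_bits(length: int = KEY_LENGTH,
                     alphabet_size: int = len(KEY_ALPHABET)) -> float:
    """Entropy a key of this shape would have if every character were an
    independent CSPRNG draw, i.e. what strong_generate_key() achieves."""
    return length * math.log2(alphabet_size)


def is_well_formed(key: str) -> bool:
    """Format check shared by callers of either generator."""
    return len(key) == KEY_LENGTH and all(c in KEY_ALPHABET for c in key)


if __name__ == "__main__":
    # Constructed sample inputs: a Unix start time and a PID.
    start, pid = 1450433341, 4242
    print("weak key reproducible from (time, pid):",
          weak_generate_key(start, pid) == weak_generate_key(start, pid))
    print("weak-seed uncertainty, 10 s window and 16-bit PID range: "
          f"{seed_entropy_bits(10, 1 << 16):.1f} bits")
    print(f"nominal entropy of a 64-char key: {nominal_key_bits():.1f} bits")
    print("two CSPRNG keys differ:",
          strong_generate_key() != strong_generate_key())
```

The comparison between `seed_entropy_bits` and `nominal_key_bits` is the check a reviewer would want: with the start time bounded to a few seconds and the PID to a 16-bit range, the weak scheme leaves roughly 20 bits of uncertainty against the several hundred bits the key length suggests. The fix is not a longer key or a finer-grained timestamp but sourcing the key (or at least the seed) from the operating system's CSPRNG, as `strong_generate_key` does.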



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.