GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Demetrios Obenour <demetriobenour <at> gmail.com>
Cc: rcopley <at> gmail.com, 22202 <at> debbugs.gnu.org, deng <at> randomsample.de
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Thu, 31 Dec 2015 19:24:52 +0200

> From: Demetrios Obenour <demetriobenour <at> gmail.com>
> Cc: David Engster <deng <at> randomsample.de>, 22202 <at> debbugs.gnu.org
> Date: Thu, 31 Dec 2015 12:04:38 -0500
> 
> The server secret should be entirely obtained from CryptGenRandom (or
> the function RtlGenRandom on which it is based).  The server secret is
> a cryptographic key and should be generated as such.  Using the same
> entropy to seed an insecure PRNG and the server secret is a bad idea --
> the server secret could be guessed based on PRNG output.

I don't understand what you are saying.  server.el doesn't use the
secret, it simply invokes the 'random' function several time to
generate the authentication key.  The secret is used to seed the PRNG
during Emacs startup, and it is used only once.

Given this description, how can the secret be guessed, and what are
the implications of that guess (if indeed it's possible) on the
ability of an attacker to control Emacs via the client socket?

> It would also be nice to expose a CSPRNG to Lisp on all platforms.  I
> know that SLIME could use it on Windows, and it would be nice if one
> could have a just-do-it API for this purpose.  Speed does not matter
> much here.

Patches are welcome, but they should include the same feature for
Posix hosts, probably using /dev/random.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.