GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Previous Next

Package: emacs;

Reported by: Demetri Obenour <demetriobenour <at> gmail.com>

Date: Fri, 18 Dec 2015 10:09:01 UTC

Severity: normal

Tags: security

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#22202: closed (24.5; SECURITY ISSUE -- Emacs Server
 vulnerable to random number generator attack on Windows systems)
Date: Fri, 15 Jan 2016 09:56:01 +0000

[Message part 1 (text/plain, inline)]

Your message dated Fri, 15 Jan 2016 11:55:11 +0200
with message-id <83r3hjf9q8.fsf <at> gnu.org>
and subject line Re: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
has caused the debbugs.gnu.org bug report #22202,
regarding 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
22202: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Demetri Obenour <demetriobenour <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.5;
 SECURITY ISSUE -- Emacs Server vulnerable to random number generator
 attack on Windows systems
Date: Fri, 18 Dec 2015 05:05:09 -0500

1. Be logged into the same Windows computer as someone else.
2. Have a process running that is notified whenever a process starts up
3. Have them run `emacs --daemon' or invoke `server-start'.
4. Use the knowledge of the current time and the server's PID to guess
   the authentication key.
5. Connect to the other user's Emacs server.
6. Execute arbitrary code with the other user's privileges.

Emacs does not provide a cryptographically secure random number
generator that can be used on all platforms (including Windows).  On
Unix-like systems, one can use `/dev/urandom', but Windows requires a
Windows API call to obtain entropy, which is not accessable from Emacs.

Emacs should provide a CSPRNG on ALL platforms, and this should be used
for the secret in the Emacs server.  This is a blocker to the use of the
Emacs server on Windows.



In GNU Emacs 24.5.1 (x86_64-redhat-linux-gnu, GTK+ Version 3.16.6)
 of 2015-09-14 on buildvm-10.phx2.fedoraproject.org
Windowing system distributor `Fedora Project', version 11.0.11704000
System Description:	Fedora release 22 (Twenty Two)

Configured using:
 `configure --build=x86_64-redhat-linux-gnu
 --host=x86_64-redhat-linux-gnu --program-prefix=
 --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr
 --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
 --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64
 --libexecdir=/usr/libexec --localstatedir=/var
 --sharedstatedir=/var/lib --mandir=/usr/share/man
 --infodir=/usr/share/info --with-dbus --with-gif --with-jpeg --with-png
 --with-rsvg --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3
 --with-gpm=no build_alias=x86_64-redhat-linux-gnu
 host_alias=x86_64-redhat-linux-gnu 'CFLAGS=-DMAIL_USE_LOCKF -O2 -g
 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
 -m64 -mtune=generic' LDFLAGS=-Wl,-z,relro'

Important settings:
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Tar

Minor modes in effect:
  display-time-mode: t
  display-battery-mode: t
  global-linum-mode: t
  linum-mode: t
  global-semanticdb-minor-mode: t
  global-semantic-idle-scheduler-mode: t
  show-paren-mode: t
  semantic-mode: t
  global-auto-complete-mode: t
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  global-visual-line-mode: t
  visual-line-mode: t
  transient-mark-mode: t

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Type "q" to delete help window.
user-error: Beginning of history; no preceding item
Quit [2 times]
user-error: Beginning of history; no preceding item
Making completion list...
File emacs-24.4.tar.xz is large (37.9M), really open? (y or n) y
XZ uncompressing emacs-24.4.tar.xz...done
Parsing tar file...done
Making completion list...

Load-path shadows:
/home/dobenour/.emacs.d/elpa/ada-mode-5.1.8/ada-ref-man hides /home/dobenour/.emacs.d/elpa/ada-ref-man-2012.0/ada-ref-man
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/prv-emacs hides /usr/share/emacs/site-lisp/auctex/prv-emacs
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/context-en hides /usr/share/emacs/site-lisp/auctex/context-en
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-bar hides /usr/share/emacs/site-lisp/auctex/tex-bar
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/texmathp hides /usr/share/emacs/site-lisp/auctex/texmathp
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/toolbar-x hides /usr/share/emacs/site-lisp/auctex/toolbar-x
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-buf hides /usr/share/emacs/site-lisp/auctex/tex-buf
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/latex hides /usr/share/emacs/site-lisp/auctex/latex
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/context-nl hides /usr/share/emacs/site-lisp/auctex/context-nl
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-jp hides /usr/share/emacs/site-lisp/auctex/tex-jp
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-style hides /usr/share/emacs/site-lisp/auctex/tex-style
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/plain-tex hides /usr/share/emacs/site-lisp/auctex/plain-tex
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-fold hides /usr/share/emacs/site-lisp/auctex/tex-fold
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/context hides /usr/share/emacs/site-lisp/auctex/context
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-mik hides /usr/share/emacs/site-lisp/auctex/tex-mik
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/font-latex hides /usr/share/emacs/site-lisp/auctex/font-latex
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/preview hides /usr/share/emacs/site-lisp/auctex/preview
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex hides /usr/share/emacs/site-lisp/auctex/tex
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-font hides /usr/share/emacs/site-lisp/auctex/tex-font
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-info hides /usr/share/emacs/site-lisp/auctex/tex-info
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/multi-prompt hides /usr/share/emacs/site-lisp/auctex/multi-prompt
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/bib-cite hides /usr/share/emacs/site-lisp/auctex/bib-cite
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/tex-site hides /usr/share/emacs/site-lisp/tex-site
/home/dobenour/.emacs.d/elpa/auctex-11.88.6/auctex hides /usr/share/emacs/site-lisp/site-start.d/auctex
/usr/share/emacs/site-lisp/site-start.d/slime-autoloads hides /usr/share/emacs/site-lisp/slime/slime-autoloads
/usr/share/emacs/site-lisp/site-start.d/slime hides /usr/share/emacs/site-lisp/slime/slime
/usr/share/emacs/site-lisp/site-start.d/hyperspec hides /usr/share/emacs/site-lisp/slime/hyperspec
/usr/share/emacs/site-lisp/site-start.d/maxima-modes hides /usr/share/emacs/site-lisp/maxima/site_start.d/maxima-modes
/home/dobenour/.emacs.d/elpa/ada-mode-5.1.8/ada-mode hides /usr/share/emacs/24.5/lisp/progmodes/ada-mode
/home/dobenour/.emacs.d/elpa/ada-mode-5.1.8/ada-xref hides /usr/share/emacs/24.5/lisp/progmodes/ada-xref
/home/dobenour/.emacs.d/elpa/ada-mode-5.1.8/ada-prj hides /usr/share/emacs/24.5/lisp/progmodes/ada-prj
/home/dobenour/.emacs.d/elpa/ada-mode-5.1.8/ada-stmt hides /usr/share/emacs/24.5/lisp/progmodes/ada-stmt
/home/dobenour/.emacs.d/elpa/org-20150608/ob-exp hides /usr/share/emacs/24.5/lisp/org/ob-exp
/home/dobenour/.emacs.d/elpa/org-20150608/ob-emacs-lisp hides /usr/share/emacs/24.5/lisp/org/ob-emacs-lisp
/home/dobenour/.emacs.d/elpa/org-20150608/ob-js hides /usr/share/emacs/24.5/lisp/org/ob-js
/home/dobenour/.emacs.d/elpa/org-20150608/org-loaddefs hides /usr/share/emacs/24.5/lisp/org/org-loaddefs
/home/dobenour/.emacs.d/elpa/org-20150608/ob-io hides /usr/share/emacs/24.5/lisp/org/ob-io
/home/dobenour/.emacs.d/elpa/org-20150608/org-gnus hides /usr/share/emacs/24.5/lisp/org/org-gnus
/home/dobenour/.emacs.d/elpa/org-20150608/ob-screen hides /usr/share/emacs/24.5/lisp/org/ob-screen
/home/dobenour/.emacs.d/elpa/org-20150608/ob-octave hides /usr/share/emacs/24.5/lisp/org/ob-octave
/home/dobenour/.emacs.d/elpa/org-20150608/org-docview hides /usr/share/emacs/24.5/lisp/org/org-docview
/home/dobenour/.emacs.d/elpa/org-20150608/org-faces hides /usr/share/emacs/24.5/lisp/org/org-faces
/home/dobenour/.emacs.d/elpa/org-20150608/ox-latex hides /usr/share/emacs/24.5/lisp/org/ox-latex
/home/dobenour/.emacs.d/elpa/org-20150608/ox-org hides /usr/share/emacs/24.5/lisp/org/ox-org
/home/dobenour/.emacs.d/elpa/org-20150608/org hides /usr/share/emacs/24.5/lisp/org/org
/home/dobenour/.emacs.d/elpa/org-20150608/ox-texinfo hides /usr/share/emacs/24.5/lisp/org/ox-texinfo
/home/dobenour/.emacs.d/elpa/org-20150608/ob hides /usr/share/emacs/24.5/lisp/org/ob
/home/dobenour/.emacs.d/elpa/org-20150608/ob-haskell hides /usr/share/emacs/24.5/lisp/org/ob-haskell
/home/dobenour/.emacs.d/elpa/org-20150608/ob-comint hides /usr/share/emacs/24.5/lisp/org/ob-comint
/home/dobenour/.emacs.d/elpa/org-20150608/org-crypt hides /usr/share/emacs/24.5/lisp/org/org-crypt
/home/dobenour/.emacs.d/elpa/org-20150608/org-bbdb hides /usr/share/emacs/24.5/lisp/org/org-bbdb
/home/dobenour/.emacs.d/elpa/org-20150608/org-colview hides /usr/share/emacs/24.5/lisp/org/org-colview
/home/dobenour/.emacs.d/elpa/org-20150608/ob-sqlite hides /usr/share/emacs/24.5/lisp/org/ob-sqlite
/home/dobenour/.emacs.d/elpa/org-20150608/ob-tangle hides /usr/share/emacs/24.5/lisp/org/ob-tangle
/home/dobenour/.emacs.d/elpa/org-20150608/org-protocol hides /usr/share/emacs/24.5/lisp/org/org-protocol
/home/dobenour/.emacs.d/elpa/org-20150608/org-entities hides /usr/share/emacs/24.5/lisp/org/org-entities
/home/dobenour/.emacs.d/elpa/org-20150608/ob-sql hides /usr/share/emacs/24.5/lisp/org/ob-sql
/home/dobenour/.emacs.d/elpa/org-20150608/ob-java hides /usr/share/emacs/24.5/lisp/org/ob-java
/home/dobenour/.emacs.d/elpa/org-20150608/ob-perl hides /usr/share/emacs/24.5/lisp/org/ob-perl
/home/dobenour/.emacs.d/elpa/org-20150608/ob-lisp hides /usr/share/emacs/24.5/lisp/org/ob-lisp
/home/dobenour/.emacs.d/elpa/org-20150608/org-capture hides /usr/share/emacs/24.5/lisp/org/org-capture
/home/dobenour/.emacs.d/elpa/org-20150608/org-list hides /usr/share/emacs/24.5/lisp/org/org-list
/home/dobenour/.emacs.d/elpa/org-20150608/ob-core hides /usr/share/emacs/24.5/lisp/org/ob-core
/home/dobenour/.emacs.d/elpa/org-20150608/ob-picolisp hides /usr/share/emacs/24.5/lisp/org/ob-picolisp
/home/dobenour/.emacs.d/elpa/org-20150608/ob-ledger hides /usr/share/emacs/24.5/lisp/org/ob-ledger
/home/dobenour/.emacs.d/elpa/org-20150608/ob-R hides /usr/share/emacs/24.5/lisp/org/ob-R
/home/dobenour/.emacs.d/elpa/org-20150608/org-mhe hides /usr/share/emacs/24.5/lisp/org/org-mhe
/home/dobenour/.emacs.d/elpa/org-20150608/ob-sh hides /usr/share/emacs/24.5/lisp/org/ob-sh
/home/dobenour/.emacs.d/elpa/org-20150608/org-mobile hides /usr/share/emacs/24.5/lisp/org/org-mobile
/home/dobenour/.emacs.d/elpa/org-20150608/org-mouse hides /usr/share/emacs/24.5/lisp/org/org-mouse
/home/dobenour/.emacs.d/elpa/org-20150608/org-timer hides /usr/share/emacs/24.5/lisp/org/org-timer
/home/dobenour/.emacs.d/elpa/org-20150608/ob-sass hides /usr/share/emacs/24.5/lisp/org/ob-sass
/home/dobenour/.emacs.d/elpa/org-20150608/org-irc hides /usr/share/emacs/24.5/lisp/org/org-irc
/home/dobenour/.emacs.d/elpa/org-20150608/org-info hides /usr/share/emacs/24.5/lisp/org/org-info
/home/dobenour/.emacs.d/elpa/org-20150608/org-w3m hides /usr/share/emacs/24.5/lisp/org/org-w3m
/home/dobenour/.emacs.d/elpa/org-20150608/ob-scheme hides /usr/share/emacs/24.5/lisp/org/ob-scheme
/home/dobenour/.emacs.d/elpa/org-20150608/ox-md hides /usr/share/emacs/24.5/lisp/org/ox-md
/home/dobenour/.emacs.d/elpa/org-20150608/org-eshell hides /usr/share/emacs/24.5/lisp/org/org-eshell
/home/dobenour/.emacs.d/elpa/org-20150608/org-datetree hides /usr/share/emacs/24.5/lisp/org/org-datetree
/home/dobenour/.emacs.d/elpa/org-20150608/org-attach hides /usr/share/emacs/24.5/lisp/org/org-attach
/home/dobenour/.emacs.d/elpa/org-20150608/ob-org hides /usr/share/emacs/24.5/lisp/org/ob-org
/home/dobenour/.emacs.d/elpa/org-20150608/org-bibtex hides /usr/share/emacs/24.5/lisp/org/org-bibtex
/home/dobenour/.emacs.d/elpa/org-20150608/ox-publish hides /usr/share/emacs/24.5/lisp/org/ox-publish
/home/dobenour/.emacs.d/elpa/org-20150608/ob-matlab hides /usr/share/emacs/24.5/lisp/org/ob-matlab
/home/dobenour/.emacs.d/elpa/org-20150608/ob-ruby hides /usr/share/emacs/24.5/lisp/org/ob-ruby
/home/dobenour/.emacs.d/elpa/org-20150608/org-rmail hides /usr/share/emacs/24.5/lisp/org/org-rmail
/home/dobenour/.emacs.d/elpa/org-20150608/org-ctags hides /usr/share/emacs/24.5/lisp/org/org-ctags
/home/dobenour/.emacs.d/elpa/org-20150608/org-element hides /usr/share/emacs/24.5/lisp/org/org-element
/home/dobenour/.emacs.d/elpa/org-20150608/ob-python hides /usr/share/emacs/24.5/lisp/org/ob-python
/home/dobenour/.emacs.d/elpa/org-20150608/org-footnote hides /usr/share/emacs/24.5/lisp/org/org-footnote
/home/dobenour/.emacs.d/elpa/org-20150608/ob-mscgen hides /usr/share/emacs/24.5/lisp/org/ob-mscgen
/home/dobenour/.emacs.d/elpa/org-20150608/org-inlinetask hides /usr/share/emacs/24.5/lisp/org/org-inlinetask
/home/dobenour/.emacs.d/elpa/org-20150608/ob-plantuml hides /usr/share/emacs/24.5/lisp/org/ob-plantuml
/home/dobenour/.emacs.d/elpa/org-20150608/ob-latex hides /usr/share/emacs/24.5/lisp/org/ob-latex
/home/dobenour/.emacs.d/elpa/org-20150608/ox-man hides /usr/share/emacs/24.5/lisp/org/ox-man
/home/dobenour/.emacs.d/elpa/org-20150608/org-habit hides /usr/share/emacs/24.5/lisp/org/org-habit
/home/dobenour/.emacs.d/elpa/org-20150608/org-clock hides /usr/share/emacs/24.5/lisp/org/org-clock
/home/dobenour/.emacs.d/elpa/org-20150608/ob-asymptote hides /usr/share/emacs/24.5/lisp/org/ob-asymptote
/home/dobenour/.emacs.d/elpa/org-20150608/org-macro hides /usr/share/emacs/24.5/lisp/org/org-macro
/home/dobenour/.emacs.d/elpa/org-20150608/ob-scala hides /usr/share/emacs/24.5/lisp/org/ob-scala
/home/dobenour/.emacs.d/elpa/org-20150608/org-install hides /usr/share/emacs/24.5/lisp/org/org-install
/home/dobenour/.emacs.d/elpa/org-20150608/ox-html hides /usr/share/emacs/24.5/lisp/org/ox-html
/home/dobenour/.emacs.d/elpa/org-20150608/org-compat hides /usr/share/emacs/24.5/lisp/org/org-compat
/home/dobenour/.emacs.d/elpa/org-20150608/ox-beamer hides /usr/share/emacs/24.5/lisp/org/ox-beamer
/home/dobenour/.emacs.d/elpa/org-20150608/org-feed hides /usr/share/emacs/24.5/lisp/org/org-feed
/home/dobenour/.emacs.d/elpa/org-20150608/org-id hides /usr/share/emacs/24.5/lisp/org/org-id
/home/dobenour/.emacs.d/elpa/org-20150608/ob-lilypond hides /usr/share/emacs/24.5/lisp/org/ob-lilypond
/home/dobenour/.emacs.d/elpa/org-20150608/org-src hides /usr/share/emacs/24.5/lisp/org/org-src
/home/dobenour/.emacs.d/elpa/org-20150608/org-macs hides /usr/share/emacs/24.5/lisp/org/org-macs
/home/dobenour/.emacs.d/elpa/org-20150608/ob-clojure hides /usr/share/emacs/24.5/lisp/org/ob-clojure
/home/dobenour/.emacs.d/elpa/org-20150608/ob-maxima hides /usr/share/emacs/24.5/lisp/org/ob-maxima
/home/dobenour/.emacs.d/elpa/org-20150608/ob-css hides /usr/share/emacs/24.5/lisp/org/ob-css
/home/dobenour/.emacs.d/elpa/org-20150608/org-plot hides /usr/share/emacs/24.5/lisp/org/org-plot
/home/dobenour/.emacs.d/elpa/org-20150608/org-indent hides /usr/share/emacs/24.5/lisp/org/org-indent
/home/dobenour/.emacs.d/elpa/org-20150608/org-archive hides /usr/share/emacs/24.5/lisp/org/org-archive
/home/dobenour/.emacs.d/elpa/org-20150608/org-pcomplete hides /usr/share/emacs/24.5/lisp/org/org-pcomplete
/home/dobenour/.emacs.d/elpa/org-20150608/ob-makefile hides /usr/share/emacs/24.5/lisp/org/ob-makefile
/home/dobenour/.emacs.d/elpa/org-20150608/ox-icalendar hides /usr/share/emacs/24.5/lisp/org/ox-icalendar
/home/dobenour/.emacs.d/elpa/org-20150608/org-agenda hides /usr/share/emacs/24.5/lisp/org/org-agenda
/home/dobenour/.emacs.d/elpa/org-20150608/ob-table hides /usr/share/emacs/24.5/lisp/org/ob-table
/home/dobenour/.emacs.d/elpa/org-20150608/ob-eval hides /usr/share/emacs/24.5/lisp/org/ob-eval
/home/dobenour/.emacs.d/elpa/org-20150608/ox hides /usr/share/emacs/24.5/lisp/org/ox
/home/dobenour/.emacs.d/elpa/org-20150608/ob-awk hides /usr/share/emacs/24.5/lisp/org/ob-awk
/home/dobenour/.emacs.d/elpa/org-20150608/ox-odt hides /usr/share/emacs/24.5/lisp/org/ox-odt
/home/dobenour/.emacs.d/elpa/org-20150608/ob-lob hides /usr/share/emacs/24.5/lisp/org/ob-lob
/home/dobenour/.emacs.d/elpa/org-20150608/ox-ascii hides /usr/share/emacs/24.5/lisp/org/ox-ascii
/home/dobenour/.emacs.d/elpa/org-20150608/org-table hides /usr/share/emacs/24.5/lisp/org/org-table
/home/dobenour/.emacs.d/elpa/org-20150608/ob-shen hides /usr/share/emacs/24.5/lisp/org/ob-shen
/home/dobenour/.emacs.d/elpa/org-20150608/ob-keys hides /usr/share/emacs/24.5/lisp/org/ob-keys
/home/dobenour/.emacs.d/elpa/org-20150608/ob-calc hides /usr/share/emacs/24.5/lisp/org/ob-calc
/home/dobenour/.emacs.d/elpa/org-20150608/ob-ocaml hides /usr/share/emacs/24.5/lisp/org/ob-ocaml
/home/dobenour/.emacs.d/elpa/org-20150608/org-version hides /usr/share/emacs/24.5/lisp/org/org-version
/home/dobenour/.emacs.d/elpa/org-20150608/ob-C hides /usr/share/emacs/24.5/lisp/org/ob-C
/home/dobenour/.emacs.d/elpa/org-20150608/ob-ditaa hides /usr/share/emacs/24.5/lisp/org/ob-ditaa
/home/dobenour/.emacs.d/elpa/org-20150608/ob-ref hides /usr/share/emacs/24.5/lisp/org/ob-ref
/home/dobenour/.emacs.d/elpa/org-20150608/ob-fortran hides /usr/share/emacs/24.5/lisp/org/ob-fortran
/home/dobenour/.emacs.d/elpa/org-20150608/ob-dot hides /usr/share/emacs/24.5/lisp/org/ob-dot
/home/dobenour/.emacs.d/elpa/org-20150608/ob-gnuplot hides /usr/share/emacs/24.5/lisp/org/ob-gnuplot

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev
gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils tar-mode jka-compr eieio-opt speedbar sb-image
dframe help-mode info package julia-mode ert find-func ewoc debug rx tls
server idris-autoloads toml-mode-init rust-mode-autoloads time battery
linum semantic/db-mode semantic/db eieio-base semantic/idle
semantic/format ezimage semantic/tag-ls semantic/find semantic/ctxt
saveplace paren semantic/util-modes semantic/util semantic semantic/tag
semantic/lex semantic/fw eieio eieio-core mode-local cedet cus-start
cus-load vc vc-dispatcher advice u-vm-color vm-autoloads vm-vars
vm-version slime warnings byte-opt bytecomp byte-compile cconv derived
cl-extra help-fns easy-mmode easymenu pp comint ansi-color ring
slime-autoloads preview-latex proof-site proof-autoloads pg-vars
hyperspec cl-macs thingatpt browse-url cl gv bbdb-loaddefs
auto-complete-config auto-complete edmacro kmacro cl-loaddefs cl-lib
popup tex-site auto-loads agda2 time-date tooltip electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd
fontset image regexp-opt fringe tabulated-list newcomment lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind gfilenotify dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

Memory information:
((conses 16 250685 11999)
 (symbols 48 31904 0)
 (miscs 40 5369 181)
 (strings 32 64890 8146)
 (string-bytes 1 1659171)
 (vectors 16 23573)
 (vector-slots 8 581629 6882)
 (floats 8 129 250)
 (intervals 56 10649 30)
 (buffers 960 16)
 (heap 1024 52593 2624))

[Message part 3 (message/rfc822, inline)]

From: Eli Zaretskii <eliz <at> gnu.org>
To: Richard Copley <rcopley <at> gmail.com>
Cc: demetriobenour <at> gmail.com, deng <at> randomsample.de, 22202-done <at> debbugs.gnu.org
Subject: Re: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to
 random number generator attack on Windows systems
Date: Fri, 15 Jan 2016 11:55:11 +0200

> From: Richard Copley <rcopley <at> gmail.com>
> Date: Thu, 31 Dec 2015 19:49:42 +0000
> Cc: Demetrios Obenour <demetriobenour <at> gmail.com>, David Engster <deng <at> randomsample.de>, 
> 	22202 <at> debbugs.gnu.org
> 
> >> That last patch would still improve matters. The user would have
> >> to be publishing the output of their PRNG to begin with in order
> >> for the attacker to analyse it and guess the seed. (I don't know
> >> how one could do that but that's no proof that it's impossible.)
> >
> >I don't even understand how that could be possible.
> 
> Me either, but that doesn't make it impossible. (There are articles
> on the web demonstrating such feats, if you're interested.)
> 
> >> What Demetri has just described is what I would do.
> >
> >Now I'm confused: do what?
> 
> As I understand it: Provide a function callable from lisp that returns
> a cryptographically secure sequence of random bytes, of a specified
> length. Use that function to generate the server secret.

That'd be an enhancement, not a bug.  Patches to provide such an API
are welcome, now that the infrastructure exists both on Posix hosts
and on MS-Windows (see below), the rest should be easy: one just needs
to follow the established APIs in other Lisp-like environments, I
think.

> >We still need to support 'random' with an
> >argument, so we cannot get rid of seeding a PRNG with a known value.
> >And I didn't want to remove srandom.
> 
> Given the above, we could leave "random", etc., as they are, or we
> could use a better PRNG and/or seed with system entropy. It would
> no longer be tied up with this issue report.

I preferred to make it possible to pass a cryptographically secure
byte stream to 'srandom' instead.  See commit 3ffe81e on the emacs-25
branch.  This leaves the basic 'random' functionality intact, so no
Lisp packages should be affected.

I'm therefore marking this bug as done.  Thanks for the feedback.

This bug report was last modified 9 years and 180 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #22202 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems