GNU bug report logs - #28618
Emacs respects $HOME, even when user is root

Previous Next

Package: emacs;

Reported by: Dor Azouri <dor.azouri <at> safebreach.com>

Date: Wed, 27 Sep 2017 15:31:01 UTC

Severity: normal

Tags: notabug, security, wontfix

Merged with 30912

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 28618 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Dor Azouri <dor.azouri <at> safebreach.com>
Cc: 28618 <at> debbugs.gnu.org
Subject: Re: bug#28618: Emacs Security Issue
Date: Wed, 27 Sep 2017 13:24:41 -0400

Dor Azouri wrote:

> I would like to report a possible abuse one can perform on Emacs's
> extensibility mechanism, that may lead to privilege escalation.
>
> In short, a malicious actor that can execute code as one of the sudoers (in
> non-elevated mode), can edit the init file, and add malicious commands to
> it. Then he needs to wait for that user to invoke the editor in elevated
> mode - and the plugin that was written before, will be loaded with the root
> permissions.

If an attacker has comprised a user account that can run "sudo arbitrary
command", then that's just the same as having compromised the root
account, and so worrying about this on the individual application level
doesn't seem to make sense. Eg they could replace "sudo" with a keylogger.
This bug report was last modified 7 years and 57 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.