GNU bug report logs - #28618
Emacs respects $HOME, even when user is root


Package: emacs;

Reported by: Dor Azouri <dor.azouri <at> safebreach.com>

Date: Wed, 27 Sep 2017 15:31:01 UTC

Severity: normal

Tags: notabug, security, wontfix

Merged with 30912

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.



Message #51 received at control <at> debbugs.gnu.org:

From: Noam Postavsky <npostavs <at> users.sourceforge.net>
To: Dor Azouri <dor.azouri <at> safebreach.com>
Cc: 28618 <at> debbugs.gnu.org, Glenn Morris <rgm <at> gnu.org>
Subject: Re: bug#28618: Emacs Security Issue
Date: Thu, 05 Oct 2017 22:23:37 -0400

retitle 28618 Emacs respects $HOME, even when user is root
tags 28618 + wontfix
quit

Dor Azouri <dor.azouri <at> safebreach.com> writes:

> Thanks for checking this problem.
> I am convinced by the comments that this is not a pure Emacs issue,
> though a step can still be taken to help users protect from this
> abuse.
>
> For example, Notepad++ on Windows does not load user plugins (located
> in AppData) when run as Administrator - unless an Administrator
> explicitly puts a specific file in the protected installation
> directory ("allowAppDataPlugins.xml").

It could be different for Windows, but for GNU/Linux I think the
previous messages already explained why this doesn't actually protect
anything.  The user can still get the behaviour they like by setting the
appropriate sudo option.  I don't see why Emacs should override that.
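
An added example, not part of the message above or of Emacs: a POSIX shell check for the condition this report is about, namely an Emacs process whose $HOME holds init files owned by a different uid than the one it runs as. The function names and the `--check` argument are hypothetical; the init file names are the standard ones Emacs looks for.

```shell
#!/bin/sh
# Added example (not from the bug thread). Reports Emacs startup paths under a
# given HOME that are not owned by the uid Emacs would run as.

# owner_uid PATH -> numeric owner uid of PATH (POSIX ls -n, no GNU stat needed)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# foreign_init_paths HOME_DIR RUN_UID
# Checks HOME_DIR and ~/.emacs.d (whose owner can create init files) plus the
# init files themselves. Prints one line per existing path owned by a uid
# other than RUN_UID. Returns 1 if any were found, else 0.
foreign_init_paths() {
    home_dir=$1
    run_uid=$2
    found=0
    for p in "$home_dir" "$home_dir/.emacs" "$home_dir/.emacs.el" \
             "$home_dir/.emacs.d" "$home_dir/.emacs.d/init.el"; do
        [ -e "$p" ] || continue
        uid=$(owner_uid "$p")
        if [ "$uid" != "$run_uid" ]; then
            echo "owner=$uid path=$p"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: compare the HOME this process inherited with its own uid,
# e.g. `sudo sh thisfile --check` shows what an Emacs started the same way
# would load.
if [ "${1:-}" = "--check" ]; then
    foreign_init_paths "$HOME" "$(id -u)" ||
        echo "HOME=$HOME has Emacs startup paths not owned by uid $(id -u)"
fi
```

Whether sudo passes the invoking user's HOME through depends on the sudoers policy (for example `always_set_home`) and on `sudo -H`, so the result of the check can differ between hosts.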




This bug report was last modified 7 years and 58 days ago.


