GNU bug report logs - #30912
[bug-gnu-emacs] emacs as a route to privilege escalation

Previous Next

Package: emacs;

Reported by: "Nelson H. F. Beebe" <beebe <at> math.utah.edu>

Date: Thu, 22 Mar 2018 23:42:01 UTC

Severity: normal

Tags: notabug, security, wontfix

Merged with 28618

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Richard Stallman <rms <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 30912 <at> debbugs.gnu.org, beebe <at> math.utah.edu
Subject: bug#30912: emacs as a route to privilege escalation
Date: Sat, 24 Mar 2018 14:15:28 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It seems to be pure nonsense.  You can't edit root's ~/.emacs without
  > root privilege.

In principle, that should be the case, but sometimes it isn't.

Basically, it is true if the kernel has no bugs.
However, the kernel often does have a bug which can 
be used for "privilege escalation."  When such an exploit
is available, problems in user programs can be used to take
control of the computer.

But this does not require a add-on.  Bugs in programs that
display files obtained over the web, even files that are not
supposed to contain code at all, can be used to do this.

It is a real problem.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.
This bug report was last modified 7 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.