GNU bug report logs - #31709
27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal?

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Mon, 4 Jun 2018 11:31:02 UTC

Severity: wishlist

Tags: wontfix

Found in version 27.0.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 31709 <at> debbugs.gnu.org (full text, mbox):

From: Phil Sainty <psainty <at> orcon.net.nz>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 31709 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi <at> gnus.org>,
 bug-gnu-emacs <bug-gnu-emacs-bounces+psainty=orcon.net.nz <at> gnu.org>
Subject: Re: bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file
 when getting a particular signal?
Date: Wed, 06 Jun 2018 03:51:10 +1200

On 2018-06-06 03:35, Phil Sainty wrote:
> On 2018-06-06 02:38, Eli Zaretskii wrote:
>> Having a fixed file name in Emacs that is loaded by an external signal
>> would be a terrible security risk, no?
> 
> Bad Things could surely be done; but if the attacker has access to
> send signals to the user's emacs process or write files in the user's
> ~/.emacs.d directory, has a terrible security breach not already
> occurred?  The notion of an attacker gaining access to a running Emacs
> session is certainly bad, but I'm unsure whether the proposed idea
> really worsens the risk in principle?

In fact if you normally run emacs as a server you're opening up the
same security risk, no?  An attacker who could send a signal to an
emacs process can also run emacsclient to access an existing server;
and I don't think we consider the practice of running an emacs server
to be a terrible security risk.


-Phil
This bug report was last modified 5 years and 246 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.