GNU bug report logs - #31709
27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal?

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Mon, 4 Jun 2018 11:31:02 UTC

Severity: wishlist

Tags: wontfix

Found in version 27.0.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Phil Sainty <psainty <at> orcon.net.nz>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: 31709 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi <at> gnus.org>, bug-gnu-emacs <bug-gnu-emacs-bounces+psainty=orcon.net.nz <at> gnu.org>
Subject: bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal?
Date: Wed, 06 Jun 2018 05:05:54 +1200

On 2018-06-06 04:36, Phil Sainty wrote:
> On 2018-06-06 04:24, Robert Pluim wrote:
>> What if this hypothetical emacs was deliberately started without a
>> server running, since it contains sensitive information? Starting a
>> server when receiving a signal has now opened up access to that emacs
>> where none existed before.
> 
> Certainly -- if we *are* treating emacs servers in general as a 
> security
> risk, then the concern seems valid.

Of course if the attacker can edit files in the user's ~/.emacs.d then
there's already nothing to stop them from adding a custom [sigusr1]
binding to the user's init file or some other loaded file in their
config (or site-start.el or a core library if they had root), and
enabling the behaviour we're discussing for the user's future emacs
sessions (albeit in a way which might be more apparent to the user,
depending on how they manage their config).

-Phil
This bug report was last modified 5 years and 246 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.