From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Richard Stallman <rms@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#30912: emacs as a route to privilege escalation
Date: Sat, 24 Mar 2018 14:15:28 -0400
Message-ID: <E1eznhQ-0000Cr-Th@fencepost.gnu.org>
References: <CMM.0.95.0.1521762082.beebe@gamma.math.utah.edu>
	<m3in9nr7cy.fsf@gnus.org>
Reply-To: rms@gnu.org
NNTP-Posting-Host: blaine.gmane.org
Content-Type: text/plain; charset=Utf-8
X-Trace: blaine.gmane.org 1521915946 13206 195.159.176.226 (24 Mar 2018 18:25:46 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 24 Mar 2018 18:25:46 +0000 (UTC)
Cc: 30912@debbugs.gnu.org, beebe@math.utah.edu
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Mar 24 19:25:41 2018
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1eznrG-0003HF-K4
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 24 Mar 2018 19:25:38 +0100
Original-Received: from localhost ([::1]:46819 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1ezntJ-00051h-Vj
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 24 Mar 2018 14:27:46 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:40217)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eznsA-0006kO-O1
	for bug-gnu-emacs@gnu.org; Sat, 24 Mar 2018 14:27:40 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eznqg-00018w-FU
	for bug-gnu-emacs@gnu.org; Sat, 24 Mar 2018 14:26:08 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:43827)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eznqg-00018p-Cj
	for bug-gnu-emacs@gnu.org; Sat, 24 Mar 2018 14:25:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eznqg-0005tD-4D
	for bug-gnu-emacs@gnu.org; Sat, 24 Mar 2018 14:25:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Richard Stallman <rms@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 24 Mar 2018 18:25:02 +0000
Resent-Message-ID: <handler.30912.B30912.152191586022590@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 30912
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security wontfix notabug
Original-Received: via spool by 30912-submit@debbugs.gnu.org id=B30912.152191586022590
	(code B ref 30912); Sat, 24 Mar 2018 18:25:02 +0000
Original-Received: (at 30912) by debbugs.gnu.org; 24 Mar 2018 18:24:20 +0000
Original-Received: from localhost ([127.0.0.1]:51724 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1eznq0-0005sH-9p
	for submit@debbugs.gnu.org; Sat, 24 Mar 2018 14:24:20 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:59435)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <rms@gnu.org>) id 1eznpy-0005s3-3W
	for 30912@debbugs.gnu.org; Sat, 24 Mar 2018 14:24:18 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rms@gnu.org>) id 1eznoo-00007s-T2
	for 30912@debbugs.gnu.org; Sat, 24 Mar 2018 14:24:12 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:60707)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@gnu.org>)
	id 1eznhR-0004Ho-AE; Sat, 24 Mar 2018 14:15:29 -0400
Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82)
	(envelope-from <rms@gnu.org>)
	id 1eznhQ-0000Cr-Th; Sat, 24 Mar 2018 14:15:28 -0400
In-reply-to: <m3in9nr7cy.fsf@gnus.org> (message from Lars Ingebrigtsen on Fri, 
	23 Mar 2018 00:57:49 +0100)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -5.0 (-----)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Spam-Score: -5.0 (-----)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:144579
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/144579>

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It seems to be pure nonsense.  You can't edit root's ~/.emacs without
  > root privilege.

In principle, that should be the case, but sometimes it isn't.

Basically, it is true if the kernel has no bugs.
However, the kernel often does have a bug which can 
be used for "privilege escalation."  When such an exploit
is available, problems in user programs can be used to take
control of the computer.

But this does not require a add-on.  Bugs in programs that
display files obtained over the web, even files that are not
supposed to contain code at all, can be used to do this.

It is a real problem.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.