From: Eli Zaretskii <eliz@gnu.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: 37445@debbugs.gnu.org, tino.calancha@gmail.com
Subject: bug#37445: 27.0.50; Permission denied after make install
Date: Fri, 20 Sep 2019 15:40:59 +0300 [thread overview]
Message-ID: <83woe3rvhg.fsf@gnu.org> (raw)
In-Reply-To: <a447510f-da03-baae-58a3-0d2035603acc@cs.ucla.edu> (message from Paul Eggert on Fri, 20 Sep 2019 02:10:10 -0700)
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Fri, 20 Sep 2019 02:10:10 -0700
> Cc: 37445@debbugs.gnu.org
>
> This glitch suggests that there are more-serious security problems in the
> default Emacs install. If source-directory is (say) "/tmp/emacs-build/whatever",
> and /tmp/emacs-build is removed after the build, an attacker can provide a bogus
> source directory in place of the real one, and this could cause real problems.
What kind of problems could accessing such a directory cause?
Note that there are also various EMACS* environment variables to which
Emacs heeds, they can override the likes of data-directory.
> Fedora 30 solves this potential security problem by arranging for the Lisp
> variable source-directory to have a value like "/usr/share/emacs/26.2/", which
> is a place attackers shouldn't be able to overwrite.
>
> However, the default Emacs install doesn't do that. It installs the sources into
> (say) "/usr/local/share/emacs/27.0.50", but it doesn't arrange for
> source-directory to point there; instead, source-directory points to wherever
> the sources happened to be when Emacs was built, which could be in /tmp. This
> sounds like a configuration error in the default Emacs install, and I plan to
> look into why it's unsafe whereas the Fedora Emacs install is safer.
If you point source-directory away of where the real sources are, some
Help features will cease working. So I don't think we want the Fedora
solution. What we want is that sources will be inaccessible in this
situation, but APIs such as 'load' and 'require' still work
regardless.
next prev parent reply other threads:[~2019-09-20 12:40 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-18 9:02 bug#37445: 27.0.50; Permission denied after make install Tino Calancha
2019-09-18 19:12 ` Paul Eggert
2019-09-19 6:57 ` Paul Eggert
2019-09-19 11:35 ` Tino Calancha
2019-09-19 17:41 ` Paul Eggert
2019-09-20 6:07 ` Tino Calancha
2019-09-20 7:00 ` Eli Zaretskii
2019-09-20 9:10 ` Paul Eggert
2019-09-20 12:40 ` Eli Zaretskii [this message]
2019-09-20 18:17 ` Paul Eggert
2019-09-20 18:59 ` Eli Zaretskii
2019-09-20 19:33 ` Paul Eggert
2019-09-21 6:07 ` Eli Zaretskii
2019-09-26 20:11 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83woe3rvhg.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=37445@debbugs.gnu.org \
--cc=eggert@cs.ucla.edu \
--cc=tino.calancha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.