From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: David Engster <deng@randomsample.de>
Newsgroups: gmane.emacs.bugs
Subject: bug#22202: 24.5;
	SECURITY ISSUE -- Emacs Server vulnerable to random number generator
	attack on Windows systems
Date: Tue, 29 Dec 2015 21:00:55 +0100
Message-ID: <8760zh81oo.fsf@isaac.fritz.box>
References: <CAPM58ojkc5zNp3TOwsTGtXV+FSkmFRZ+PdhW2w=mLdrgsNuZsQ@mail.gmail.com>
	<83lh8ddy45.fsf@gnu.org>
	<CAPM58ohO-FoM8+niHd43bq7GX2dvBkBiLNMthnBXsTyBhRQWxg@mail.gmail.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1451419342 25133 80.91.229.3 (29 Dec 2015 20:02:22 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 29 Dec 2015 20:02:22 +0000 (UTC)
Cc: 22202@debbugs.gnu.org, Demetri Obenour <demetriobenour@gmail.com>
To: Richard Copley <rcopley@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Dec 29 21:02:10 2015
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aE0TB-0002Rp-I6
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Dec 2015 21:02:09 +0100
Original-Received: from localhost ([::1]:49934 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aE0TB-0008TA-2E
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Dec 2015 15:02:09 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36771)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aE0T8-0008T0-0S
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 15:02:06 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aE0T4-0005z6-RG
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 15:02:05 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:41320)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aE0T4-0005z2-Nd
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 15:02:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aE0T4-0007Tm-Gb
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 15:02:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: David Engster <deng@randomsample.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 29 Dec 2015 20:02:02 +0000
Resent-Message-ID: <handler.22202.B22202.145141926328673@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 22202
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Original-Received: via spool by 22202-submit@debbugs.gnu.org id=B22202.145141926328673
	(code B ref 22202); Tue, 29 Dec 2015 20:02:02 +0000
Original-Received: (at 22202) by debbugs.gnu.org; 29 Dec 2015 20:01:03 +0000
Original-Received: from localhost ([127.0.0.1]:48922 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aE0S7-0007SP-1C
	for submit@debbugs.gnu.org; Tue, 29 Dec 2015 15:01:03 -0500
Original-Received: from randomsample.de ([5.45.97.173]:39200)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <deng@randomsample.de>) id 1aE0S4-0007Rs-P5
	for 22202@debbugs.gnu.org; Tue, 29 Dec 2015 15:01:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=randomsample.de; s=a; 
	h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From;
	bh=fHDMs+UaqMtFzVmGWo3hZei3uB3cgld4R6G1PdWN3bI=; 
	b=UqNtZ2aSjXDbWBTXT1iUMme1WvoriY4tAOC88l5sv++kEzLBz0oU4j+yhlmVqbwH3L84cNf4lzeiKBlWNdqTLLWkDWTibbaR5qXuhgc2vRO0iEE7/b56Bh6dcE6ey5aN;
Original-Received: from ip4d1494ed.dynamic.kabel-deutschland.de ([77.20.148.237]
	helo=isaac.fritz.box)
	by randomsample.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80) (envelope-from <deng@randomsample.de>)
	id 1aE0S3-0006JT-85; Tue, 29 Dec 2015 21:00:59 +0100
In-Reply-To: <CAPM58ohO-FoM8+niHd43bq7GX2dvBkBiLNMthnBXsTyBhRQWxg@mail.gmail.com>
	(Richard Copley's message of "Tue, 29 Dec 2015 17:44:47 +0000")
User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.5 (gnu/linux)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:110978
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/110978>

Richard Copley writes:
> On 29 December 2015 at 16:21, Eli Zaretskii <eliz@gnu.org> wrote:
>>> Date: Tue, 29 Dec 2015 15:36:12 +0000
>>> From: Richard Copley <rcopley@gmail.com>
>>>
>
>>> > Please provide the necessary details for reproducing this problem and
>>> > verifying the solution.  What I'm missing:
>>> >
>>> > > 1. Be logged into the same Windows computer as someone else.
>>> >
>>> > How do you do that?  I understand you are describing a situation where
>>> > 2 users are logged into the same Windows system simultaneously using
>>> > the same credentials, is that true?  If so, how to create such a
>>> > situation?
>>>
>>> I don't think that is possible; however, two /different/ accounts can
>>> be logged in to a computer at the same time, via Remote Desktop or
>>> Fast User Switching.
>>
>> Logging in via Remote Desktop usurps the system, AFAIK.  So these
>> possibilities are not relevant to the issue at hand.
>
> That is definitely not correct. In some configurations several users
> can connect via remote desktop. I do this every day. It /might/ be
> necessary to have a "Professional" and/or Server edition of Windows.
> A licensed Terminal Server supports dozens of sessions at once.

That's correct (it requires a Windows Server with enabled terminal
services), but each user session has of course its own process space, so
I don't see how the described attack could work there.

-David