From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Re: sudo:: method in tramp possible security issue
Date: Wed, 21 Nov 2018 08:41:55 +0100
To: João Távora
Cc: Eli Zaretskii, Paul Eggert, Stefan Monnier, emacs-devel

João Távora writes:

> Tramp's sudo method needs your credentials. If you don't provide
> them, Tramp cannot do anything.
>
> Like calling sudo in a terminal.
>
> It's not exactly like calling sudo in a terminal, because when you
> use sudo you generally:
>
> 1. perform a one time action and are back at a non-sudo prompt; OR
> 2. start an interactive superuser session that is easy to identify
>    visually and for which there isn't a programmatic way for other
>    programs to interfere
>
> In other words, what bothers me the most about the sudo:: method is
> the persistent sudo session that makes me vulnerable to attackers, and
> to my elisp developing mistakes. This is why I think a warning makes
> sense, or some visual way to identify this vulnerable state.

There is already a "visual way to identify this state". It is called
tramp-theme, a GNU ELPA package. This is documented in the Tramp manual,
see (info "(tramp) Frequently Asked Questions")

Again, nobody reads the manual :-(

The command `tramp-cleanup-connection' closes any background session for
a Tramp connection, including removing cached passwords. Maybe we shall
call this for sudo/su methods automatically after a given timeout, like
the password expiration for sudo in a terminal. 5 minutes seems to be a
sensible value to me.

> João

Best regards, Michael.
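One way a user could get the timeout behaviour Michael proposes today, from their own init file, as an added example that is not part of this thread or of Tramp itself: an idle timer that runs `tramp-cleanup-connection' on every open sudo/su connection. It assumes Emacs idle time is an acceptable stand-in for "time since the last privileged command", and the `my-` names are hypothetical.

```elisp
;; Added example, not Tramp's own code and not from the mailing-list thread.
;; Closes background sudo/su sessions (and drops their cached passwords)
;; once Emacs has been idle for `my-tramp-privileged-timeout' seconds,
;; roughly mirroring the credential cache expiry of sudo(8).
(require 'tramp)

(defvar my-tramp-privileged-methods '("sudo" "su")
  "Tramp methods whose background sessions hold elevated privileges.")

(defvar my-tramp-privileged-timeout 300
  "Seconds of Emacs idle time after which privileged sessions are closed.
300 matches the 5-minute value suggested in the thread.")

(defun my-tramp-cleanup-privileged-connections ()
  "Close every open Tramp connection that uses a privileged method.
`tramp-cleanup-connection' kills the background shell and flushes the
cached password, so the next access has to authenticate again."
  (dolist (vec (tramp-list-connections))
    (when (member (tramp-file-name-method vec) my-tramp-privileged-methods)
      (message "Closing idle Tramp %s session on %s"
               (tramp-file-name-method vec)
               (tramp-file-name-host vec))
      (tramp-cleanup-connection vec))))

(defvar my-tramp-privileged-timer
  ;; REPEAT is t, so the cleanup runs each time Emacs becomes idle
  ;; for the configured period, not only once.
  (run-with-idle-timer my-tramp-privileged-timeout t
                       #'my-tramp-cleanup-privileged-connections)
  "Idle timer enforcing `my-tramp-privileged-timeout'.
Cancel it with (cancel-timer my-tramp-privileged-timer).")
```

Because the timer keys on Emacs idleness rather than on the connection's own last command, a long editing session that never touches the sudo:: file keeps the session alive; combining this with tramp-theme covers both the visual cue and the expiry João asked for.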