From: Noam Postavsky
Newsgroups: gmane.emacs.bugs
Subject: bug#30912: emacs as a route to privilege escalation
Date: Thu, 22 Mar 2018 20:05:01 -0400
Message-ID: <87lgejslle.fsf@gmail.com>
To: "Nelson H. F. Beebe"
Cc: 30912@debbugs.gnu.org

forcemerge 28618 30912
quit

"Nelson H. F. Beebe" writes:

> The SANS security list today carried a pointer to this Web site:
>
>     Abusing Text Editors with Third-party Plugins
>     March 15, 2018
>     Dor Azouri
>     https://safebreach.com/Post/Abusing-Text-Editors-with-Third-party-Plugins
>
> It links to an 11-page report of the same title at
>
>     https://go.safebreach.com/rs/535-IXZ-934/images/Abusing_Text_Editors.pdf
>
> Do emacs developers wish to respond to the security attacks described
> there?

Dor already brought this up in Bug#28618. As Glenn said:

    If an attacker has [compromised] a user account that can run "sudo
    arbitrary command", then that's just the same as having compromised
    the root account, and so worrying about this on the individual
    application level doesn't seem to make sense. Eg they could replace
    "sudo" with a keylogger.

Note that the problem could be "fixed" by setting

    Defaults always_set_home

in /etc/sudoers (Debian has this setting by default), but that won't
help with the sudo-is-a-key-logger problem.
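An added example, not part of the original message: a check for whether a sudoers file leaves the invoking user's HOME in place under sudo, the condition that `Defaults always_set_home` closes. It assumes a simplified model of sudoers(5) that reads global `Defaults` lines only; the function name and the sample fragments are constructed for illustration.

```python
import re

# Constructed sample sudoers fragments (not taken from any real host).
PRESERVES_HOME = '''
Defaults env_reset
Defaults env_keep += "HOME EDITOR"   # HOME survives env_reset
%admin ALL=(ALL) ALL
'''
RESETS_HOME = PRESERVES_HOME + "Defaults always_set_home\n"

# One Defaults parameter: optional "!", name, optional operator and value.
PARAM = re.compile(r'(!?)\s*(\w+)(?:\s*(\+=|-=|=)\s*("[^"]*"|[^,\s]+))?')

def home_is_preserved(sudoers_text):
    """True if plain `sudo cmd` would keep the invoking user's HOME.

    Simplified model of sudoers(5), assumed here: HOME is kept only when
    env_reset is off or HOME is in env_keep, and always_set_home is unset.
    Scoped entries (Defaults:user, Defaults>runas, ...) are not evaluated.
    """
    env_reset, always_set_home, env_keep = True, False, set()
    text = re.sub(r"\\\n", " ", sudoers_text)      # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        m = re.match(r"Defaults\s+(.*)$", line)    # global Defaults only
        if not m:
            continue
        for neg, name, op, value in PARAM.findall(m.group(1)):
            if name == "env_reset":
                env_reset = not neg
            elif name == "always_set_home":
                always_set_home = not neg
            elif name == "env_keep":
                names = set((value or "").strip('"').split())
                if neg:
                    env_keep.clear()
                elif op == "+=":
                    env_keep |= names
                elif op == "-=":
                    env_keep -= names
                else:
                    env_keep = names
    return (not env_reset or "HOME" in env_keep) and not always_set_home

if __name__ == "__main__":
    for label, text in (("before", PRESERVES_HOME), ("after", RESETS_HOME)):
        print(label, "-> HOME preserved:", home_is_preserved(text))
```

As the message says, a clean result here covers only the HOME inheritance path; it says nothing about an account whose `sudo` itself has been replaced.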