Agree. I don't think this is an issue emacs can address. It is really about
how sudo is configured. On many systems, users with the 'admin' privilege
can run sudo to execute any command, including sudo su - root. Once you
have root, game over - e.g. I can easily edit .emacs of any user and there
is little emacs can do to detect that (unless you want to go the over kill
route of requiring a gpg key at startup to allow emacs to read an encrypted
.emacs or similar). As Lars points out, once you have root, you can just as
easily compromise some other part of the system or install a key logger or
even a modified version of emacs itself.

On 27 April 2018 at 07:05, Richard Stallman <rms@gnu.org> wrote:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > I thought the discussion concluded that a sudo user can do anything
>   > (like put stuff in root's ~/.bashrc), and that this isn't something
> that
>   > Emacs should worry about.
>
> A sudo-capable user can do all sorts of bad things while sudoing,
> but that's not what we are talkin about.
> Here the issue is what malicious code can do, while that user is NOT
> sudoing,
> to arrange to take advantage later.  One way is by editing .emacs
> so that it will do something bad next time the user runs Emacs under sudo.
>
> Unfortunately, it seems there are many ways the code could do that,
> which do not work by editing .emacs.  So trying to block that avenue
> is ineffective.
>
> --
> Dr Richard Stallman
> President, Free Software Foundation (https://gnu.org, https://fsf.org)
> Internet Hall-of-Famer (https://internethalloffame.org)
> Skype: No way! See https://stallman.org/skype.html.
>
>
>


-- 
regards,

Tim

--
Tim Cross