From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: =?UTF-8?B?Sm/Do28gVMOhdm9yYQ==?= Newsgroups: gmane.emacs.devel Subject: Re: sudo:: method in tramp possible security issue Date: Tue, 20 Nov 2018 22:54:18 +0000 Message-ID: References: <87ftvwdcdw.fsf@gmx.de> <87bm6kdb68.fsf@gmx.de> <87bm6kyxc3.fsf@gmx.de> <87k1l83yd3.fsf@gmx.de> <87o9ajvost.fsf@gmx.de> <87zhu31ix1.fsf@gmx.de> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="00000000000031c0d7057b2084aa" X-Trace: blaine.gmane.org 1542754552 28741 195.159.176.226 (20 Nov 2018 22:55:52 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 20 Nov 2018 22:55:52 +0000 (UTC) Cc: Eli Zaretskii , Stefan Monnier , emacs-devel To: Michael Albinus Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 20 23:55:48 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPEvs-0007O7-6d for ged-emacs-devel@m.gmane.org; Tue, 20 Nov 2018 23:55:48 +0100 Original-Received: from localhost ([::1]:36354 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPExy-0008Ch-QB for ged-emacs-devel@m.gmane.org; Tue, 20 Nov 2018 17:57:58 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34057) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPEwg-00088x-As for emacs-devel@gnu.org; Tue, 20 Nov 2018 17:56:39 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPEuf-0004p4-8W for emacs-devel@gnu.org; Tue, 20 Nov 2018 17:54:35 -0500 Original-Received: from mail-qt1-x833.google.com ([2607:f8b0:4864:20::833]:40873) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gPEud-0004jT-8h; Tue, 20 Nov 2018 17:54:33 -0500 Original-Received: by mail-qt1-x833.google.com with SMTP id k12so1917090qtf.7; Tue, 20 Nov 2018 14:54:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xPWgXwE2UnAyrWoRM7wiyLwzybNdnmrfMe0vdmbRqY4=; b=IblpQj/5I+gwmY3qMCaOUOz6Wwhcc0wHJI2qd9KQ/iiXB178HyRxHjeCx3aVl7jIYA hI7t0L0kI5IKmRCS/zZIXOUHZXToxHeH35tMvXwAlwq+gR1IhCYhpwpDiPcVavUqu7Mf KlpdZ4kMZS77FirNR39uHFXJNQeDd2mVvZudR3coVEvgNnOWlnc5c3pdqLLyX2Cdiurs W+HrmhbeOeBq//JXRT8LLfE2Ghi9VKR86Y9dpiYVq3cfWBoW+3Ll5lClGuD7Wpn9p26G Nu+CZV0IMMNMVOn8AnPRDjqCwsdDxSu09gdPHa3jjnLfhnzs7cYSE3EAWd1gLklSRUQS UOGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xPWgXwE2UnAyrWoRM7wiyLwzybNdnmrfMe0vdmbRqY4=; b=WMC5G+pcKJLJcVotFc5YRhIwwX9zG1cfKkpFgZTVSpd/gou8P5tTXRuo9OCKwiSE1d n+fyQXT9NetgVacHTVdNJ7tcD4pQVS4mJU95JDLZhtJLkpEJg8/JFHmhnS625kolaby4 A8ht52szexhQQSefBN6b0scXiNm+/E+giwNB1Z3BmOswpui9jhNRj+PuoDY1O+V22rrz 6S81YHgrCp8Q8Hy9YuknzkSJDJ28+QRU5TdSRY8N6F7JTMz0RIh9ObO6+FR/V2VE6/S7 zer4lURst77Fm2Il6oXHtMU5rS4bfTOmr4oAnX3Vcfmhzi0AgYuEhnFgOAjxsX7dcdAO BMMA== X-Gm-Message-State: AA+aEWayeTihtBB3IxA2Eet2QYZolzDhxHJao4gAznxzPAng3VDfB2Hj XiyZoGH4CvLuaVaUgXas7dB0EWjcLdsa1T4L1ko= X-Google-Smtp-Source: AFSGD/VABywcGD95k6Ie2aQrhfizxOMVZ2aA5fTmtaIaLcsyBiqpT+KkxnVV5hpGlaea4C9Vn2q9mg2VpqoYDm3/ATc= X-Received: by 2002:ad4:50cc:: with SMTP id e12mr3634348qvq.20.1542754470574; Tue, 20 Nov 2018 14:54:30 -0800 (PST) In-Reply-To: <87zhu31ix1.fsf@gmx.de> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::833 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:231265 Archived-At: --00000000000031c0d7057b2084aa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Nov 20, 2018 at 10:30 PM Michael Albinus wrote: > > It isn't overkill. The implementation in Tramp depends on the file name > handler concept, which requires to implement 70 basic functions. How > would it be possible to implement `file-attributes', for example, w/o an > interactive shell with root permissions? > Sorry, I meant overkill for most **uses**. By which I mean 100% of uses that **I** have ever had for /sudo::, which is to quickly edit a system file. Of course there are other uses that other users might want. > Here I'm not convinced. I agree that it must be said more prominent in > the Tramp manual, that an interactive session with root permissions is > running in the background, but I believe it would be too bossy to tell > users they shall not use "/sudo::". It is like telling something like > this to users, who call sudo in a terminal. Are there such warnings, > somewhere? > I've explained that I don't think it is the same to run sudo in a terminal and inside emacs. And I'm not suggesting "/sudo:: considered dangerous, thou shalt not use it!", just a one time summary explanation of what is about to happen. Alternatively, how would you feel about adding something to the mode-line clearly showing that there is an ongoing superuser session going on? For me, mentioning it in the manual isn't very useful, because few people read the manual, fine as it may be :-) Jo=C3=A3o T=C3=A1vora --00000000000031c0d7057b2084aa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, Nov 20, 2018 at 10:30 PM Michael Albinus <michael.albinus@gmx.de> wrote:<= br>

It isn't overkill. The implementation in Tramp depends on the file name=
handler concept, which requires to implement 70 basic functions. How
would it be possible to implement `file-attributes', for example, w/o a= n
interactive shell with root permissions?

Sorry, I meant overkill for most **uses**.=C2=A0 By which I mean 100%
of uses that **I** have ever had for /sudo::, which is to quickly
edit a system file. Of course there are other uses that other
<= /div>
users might want.
=C2=A0
Here I'm not convinced. I agree that it must be said more prominent in<= br> the Tramp manual, that an interactive session with root permissions is
running in the background, but I believe it would be too bossy to tell
users they shall not use "/sudo::". It is like telling something = like
this to users, who call sudo in a terminal. Are there such warnings,
somewhere?

I've explained that I do= n't think it is the same to run sudo in a
terminal and i= nside emacs.=C2=A0 And I'm not suggesting "/sudo::
= considered dangerous, thou shalt not use it!", just a one time
summary explanation of what is about to happen.

Alternatively, how would you feel about adding something to
the mode-line clearly showing that there is an ongoing
supe= ruser session going on?

For me, mentioning it = in the manual isn't very useful, because
few people read the = manual, fine as it may be :-)

Jo=C3=A3o T= =C3=A1vora
--00000000000031c0d7057b2084aa--