Thanks for checking this problem.

I am convinced by the comments that this is not a pure Emacs issue, though a step can still be taken to help users protect from this abuse.

For example, Notepad++ on Windows does not load user plugins (located in AppData) when run as Administrator - unless an Administrator explicitly puts a specific file in the protected installation directory ("allowAppDataPlugins.xml").

Best,
Dor Azouri

On Sat, Sep 30, 2017 at 1:55 AM Noam Postavsky <npostavs@users.sourceforge.net> wrote:

tags 28618 - unreproducible
tags 28618 + notabug
quit

Glenn Morris <rgm@gnu.org> writes:

> On some systems, sudo may preserve HOME by default. Or it may be
> optional behaviour with "sudo -E" (eg on Debian 8, it seems).

Ah, that explains the discrepancy then (it's the same with Debian 9,
which I'm using here).

> Ref eg
>
> https://security.stackexchange.com/questions/18369/issues-with-preserving-home-on-sudo
>
> As it stands, I don't think this is an Emacs issue.

I agree.