From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Noam Postavsky <npostavs@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Closing a privilege escalation
Date: Tue, 24 Apr 2018 21:18:31 -0400
Message-ID: <CAM-tV--K+VFkcwSXTqdyrL3C4OFAjVd9Rx132iPKgQHPTavdvg@mail.gmail.com>
References: <E1fB8vq-0002wh-19@fencepost.gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: blaine.gmane.org 1524619051 23721 195.159.176.226 (25 Apr 2018 01:17:31 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 25 Apr 2018 01:17:31 +0000 (UTC)
Cc: Emacs developers <emacs-devel@gnu.org>
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Apr 25 03:17:26 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fB93m-00065N-OK
	for ged-emacs-devel@m.gmane.org; Wed, 25 Apr 2018 03:17:26 +0200
Original-Received: from localhost ([::1]:33283 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fB95t-0002CX-Ki
	for ged-emacs-devel@m.gmane.org; Tue, 24 Apr 2018 21:19:37 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53744)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <npostavs@gmail.com>) id 1fB94t-0001cQ-0G
	for emacs-devel@gnu.org; Tue, 24 Apr 2018 21:18:35 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <npostavs@gmail.com>) id 1fB94s-00023G-BZ
	for emacs-devel@gnu.org; Tue, 24 Apr 2018 21:18:34 -0400
Original-Received: from mail-ot0-x22e.google.com ([2607:f8b0:4003:c0f::22e]:43170)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <npostavs@gmail.com>)
	id 1fB94q-000210-V5; Tue, 24 Apr 2018 21:18:33 -0400
Original-Received: by mail-ot0-x22e.google.com with SMTP id y10-v6so10522160otg.10;
	Tue, 24 Apr 2018 18:18:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc; bh=eJQ7RSg3w1UstXEFDteQjXlcQZ3IETavB9sPqgPB5cY=;
	b=cu59Ez45DgSMBsMeROe7GUBLE8Z8Q719r9GWtHC0caMRwcUVn2/jrSaZAxuvdxnLHs
	YJqRmvQEwVtzZWMjrUvtFA52LghDoJOyzqx6ZIcSRwUtnPICBPVhQ2S6bD0CTsUk2tzF
	D3i2Uhas6pPDX/yYlHWhe2i/v82da/u75TwJSsROYB398t/Zyom2w62i/gOFM/h6+TCZ
	6QJ5dwivQRBwIWtrDvBIwQ2IggvRlowZ2w/3urTpFuvLEGB8JTPyo1XMBIguaqeuMqEw
	EzHtFR6EDHemfPJVCjoYwBnHsgyC5qzRBf3opav+lbkNGsNDz74BgbfoO15FgSBKuah5
	nkIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc;
	bh=eJQ7RSg3w1UstXEFDteQjXlcQZ3IETavB9sPqgPB5cY=;
	b=dBW31DWEJqF9VCXUFPTWgYfphNKr0d8Q618wB8E7bfEqydkTH7Vwmk9sJKs+5i/zmV
	OIolNAEy+UzHED4EaqnAEPhCdMlYcQrgW4ZQ4xtE/F4G/avIALMxaDZKUJMxpEsWIE9F
	n+bCzN0+y0xv9DSqek0Sd2sIE7Ze4Ig9xoZxgGRHKllFwkwRrNv2YTXOPes8I8/IbUND
	InPMtzHOYbp9jKBMtXjneOQzEmYYHN7lwkek5ncVOV41L+vCgNFXm5+XLZHAPyWEJte0
	lgokpGEbAoqrGbQhwO80rnlAaT1JKSkop4O7u92CifkeBLeaLDMlrqFMLMKqcrEKl5yy
	3s+w==
X-Gm-Message-State: ALQs6tDfjmyLTxn//8mcSJU8jqRHjvfchVrfcuT9iOHGYpQwggSoZWu5
	9rpqA3m0+YIdkEK2XEtzgGUcjnUrzu7eSmP50mQ=
X-Google-Smtp-Source: AIpwx4+VcptoAW/L3zpYJ4DUhM+BEN25LK9wE3CHs0VeTdhswWO1PHLbVCKFvZKCgFjBtxF46Vg2w/EmxZXQhkWx8ts=
X-Received: by 2002:a9d:4086:: with SMTP id
	n6-v6mr15000273ote.335.1524619111970; 
	Tue, 24 Apr 2018 18:18:31 -0700 (PDT)
Original-Received: by 10.74.5.135 with HTTP; Tue, 24 Apr 2018 18:18:31 -0700 (PDT)
In-Reply-To: <E1fB8vq-0002wh-19@fencepost.gnu.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4003:c0f::22e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:224852
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/224852>

On 24 April 2018 at 21:09, Richard Stallman <rms@gnu.org> wrote:

> With some arguments, emacs started inside sudo will run the user's own
> .emacs file rather than root's.  This creates a known vulnerability
> for privilege escalation.
>
> I propose a feature to fix the vulnerability:
>
>   For sudo-authorized users, require .emacs (and other Emacs startup
>   files and directories) to be owned by root.

Can you explain what you mean by "sudo-authorized users" exactly? I
would have expected the fix to be

  When running Emacs as root, require .emacs (etc) to be writable only by root.