From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: emacsclient socket ownership Date: Fri, 02 Nov 2018 11:38:34 -0400 Message-ID: References: NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1541173021 28729 195.159.176.226 (2 Nov 2018 15:37:01 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 2 Nov 2018 15:37:01 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Nov 02 16:36:57 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gIbVH-0007Kq-B6 for ged-emacs-devel@m.gmane.org; Fri, 02 Nov 2018 16:36:55 +0100 Original-Received: from localhost ([::1]:52226 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gIbXN-0004lg-Kn for ged-emacs-devel@m.gmane.org; Fri, 02 Nov 2018 11:39:05 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41627) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gIbXH-0004lb-2b for emacs-devel@gnu.org; Fri, 02 Nov 2018 11:38:59 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gIbXD-0000rc-Rn for emacs-devel@gnu.org; Fri, 02 Nov 2018 11:38:59 -0400 Original-Received: from [195.159.176.226] (port=48107 helo=blaine.gmane.org) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gIbXC-0000n9-C7 for emacs-devel@gnu.org; Fri, 02 Nov 2018 11:38:55 -0400 Original-Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1gIbUu-0006vJ-Qa for emacs-devel@gnu.org; Fri, 02 Nov 2018 16:36:32 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 31 Original-X-Complaints-To: usenet@blaine.gmane.org Cancel-Lock: sha1:FAekMSn1qHwCVuaXjqJpcAZRFmw= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 195.159.176.226 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:230980 Archived-At: > It checks if the socket is owned by the same user (function socket_status). > If the user is root, however, this check is ignored (master emacsclient > line 1370). Is this not a security issue? Any user can create a socket > /tmp/emacs0/server, and root emacsclient will use it. Sounds like a security issue, yes: root may end up talking to some other user's Emacs. This seems to date back to commit 9f637eea618b3b6b764b92405a480c254756f94a Author: Gerd Moellmann Date: Fri Jan 28 15:02:20 2000 +0000 (socket_status): New function. (main): if $LOGNAME or $USER exist and differ from our euid, look for a socket based on the UID associated with the name. so it's likely meant for the case where you `su` (or `sudo`) and want to use emacsclient from root but connect to your main (non-root) Emacs server. Not sure how to reconcile the two. I guess the risk is reduced in practice for the following reason: server.el should hopefully signal an error if it can't create&own /tmp/emacsUID/server, so emacsclient only risks connecting to a wrong Emacs if: - you forgot to start your Emacs server. - your Emacs failed to start and you didn't notice it. - server.el did not check things carefully enough and the attacker managed to replace your socket with his (e.g. /tmp/emacsUID/ or /tmp is somehow writable for the attacker). Stefan