From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: sudo:: method in tramp possible security issue
Date: Tue, 20 Nov 2018 16:44:03 -0500
To: emacs-devel@gnu.org

>> Tramp is not magical: it can do no more nor less than what an attacker
>> could do.

> Sure, if the attacker has control over my keyboard, or over my display, or
> over the Lisp code that I load and execute. That being said, Tramp does make
> attacks easier, so it has been an easy call for me to disable it.

I don't see in which way you think it makes attacks easier.
Are you thinking of things like file-local variables which may point to
a file like "/sudo:..."?

I'd expect that in most such cases such vars pointing to arbitrary files
would be a risk even without the sudo method, so I'd hope we'd plug
those quickly enough (and yes, the sudo method would make such attacks
worse, indeed).


        Stefan