From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Closing a privilege escalation Date: Wed, 25 Apr 2018 03:29:25 +0200 Message-ID: References: NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1524619798 6140 195.159.176.226 (25 Apr 2018 01:29:58 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 25 Apr 2018 01:29:58 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: emacs-devel@gnu.org To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Apr 25 03:29:54 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fB9Fo-0001WP-PM for ged-emacs-devel@m.gmane.org; Wed, 25 Apr 2018 03:29:52 +0200 Original-Received: from localhost ([::1]:33351 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fB9Hv-0002kp-J9 for ged-emacs-devel@m.gmane.org; Tue, 24 Apr 2018 21:32:03 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56914) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fB9FX-0001A5-KP for emacs-devel@gnu.org; Tue, 24 Apr 2018 21:29:36 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fB9FS-0007U7-OO for emacs-devel@gnu.org; Tue, 24 Apr 2018 21:29:35 -0400 Original-Received: from hermes.netfonds.no ([80.91.224.195]:47673) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fB9FS-0007QC-Gk; Tue, 24 Apr 2018 21:29:30 -0400 Original-Received: from cm-84.212.221.165.getinternet.no ([84.212.221.165] helo=stories) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1fB9FN-0007Tt-W0; Wed, 25 Apr 2018 03:29:28 +0200 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwAgMAAAAqbBEUAAAADFBMVEWXlauQDBSgHymdPEgC VHVuAAACKklEQVQokRXOz2vTcBgG8GdGPS3rRc8eRb1syC7FbgPFkyIi33bJfhTBZKSbowdlMFsn +Desk+6iYDLzZiZVcWPRNQHPUy+ZOL142NQU28JOS7vEb5/bhwee90W8XDcZD22rHqwVk5FLxN6t hvhXWJb/allLf6x70MnYYgrLUcWU8dvk1VsroWErj3mdslt386PtCxObcKtmQX4zl+Bi9TWoME7m i8ku0gbB1OaKqdu3OLQG3utrwK9r3a8D5hIqRs3H0PXuJBbzkKs+0Lfw5ap/7gc0WQDEh3d2/POb 0GYAQSznUoNH+zBfAm1xgfkwy9CfQSyKCzdvHO3OwxgXgmLmwfeSYsio3EMwNjSTKRXUKsxHfCCj lEvS1gqkto/LfTP5b9qOwfFTGIN4WJ4V13C/HfDZfmFqcsSCtJ1fOkQqiFZGDLASejkJjKhQNk/w TzHYj3QBSlH0BwF/tJ3WkC2e5oXALw9IyNbOCD0xf0CDOgfxCa6I7HiJYx3DbEphWW1aA3VxlkkK k9Rpgr33SWFybl9S5z/APiCd45RqUgP2RkHjEMmkV7AWXeqhQK6DVbtJXsARWjaiFlkIcsPUJBth QusI9AnL5XAi+igE7mxznVzUKXwu7CZJx3ZDJOS2hUoNSEeEyLJrqR4uNVyE1PmTkr3k0HUa2Avt MBM6URzWW3Bjp3EQNp1WmDyF7VmRF3pxvRO3UHcix0oSp+FtjKJuHVNCXkyfV+P/4Oojwktct8kA AAAASUVORK5CYII= In-Reply-To: (Richard Stallman's message of "Tue, 24 Apr 2018 21:09:14 -0400") X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:224856 Archived-At: Richard Stallman writes: > With some arguments, emacs started inside sudo will run the user's own > .emacs file rather than root's. This creates a known vulnerability > for privilege escalation. Is this about bug#28618? I think this issue was discussed comprehensively there. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no