[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num
From: |
Eli Zaretskii |
Subject: |
bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems |
Date: |
Fri, 18 Dec 2015 12:46:26 +0200 |
> From: Demetri Obenour <demetriobenour@gmail.com>
> Date: Fri, 18 Dec 2015 05:05:09 -0500
>
>
> 1. Be logged into the same Windows computer as someone else.
> 2. Have a process running that is notified whenever a process starts up
> 3. Have them run `emacs --daemon' or invoke `server-start'.
> 4. Use the knowledge of the current time and the server's PID to guess
> the authentication key.
> 5. Connect to the other user's Emacs server.
> 6. Execute arbitrary code with the other user's privileges.
Please provide the necessary details for reproducing this problem and
verifying the solution. What I'm missing:
> 1. Be logged into the same Windows computer as someone else.
How do you do that? I understand you are describing a situation where
2 users are logged into the same Windows system simultaneously using
the same credentials, is that true? If so, how to create such a
situation?
> 2. Have a process running that is notified whenever a process starts up
> 3. Have them run `emacs --daemon' or invoke `server-start'.
> 4. Use the knowledge of the current time and the server's PID to guess
> the authentication key.
I don't think we use the current time and PID for that, but even if we
do, how do you get a hold of the time at the moment of the server
creation to nanosecond resolution? Please tell how to do that.
Thanks.
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Demetri Obenour, 2015/12/18
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems,
Eli Zaretskii <=
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, David Engster, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, David Engster, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2015/12/29
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2015/12/30
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2015/12/30
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2015/12/30