[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Closing a privilege escalation
From: |
Lars Ingebrigtsen |
Subject: |
Re: Closing a privilege escalation |
Date: |
Thu, 26 Apr 2018 09:52:34 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
Lars Ingebrigtsen <address@hidden> writes:
> Richard Stallman <address@hidden> writes:
>
>> The discussion reached the conclusion that the problem is real, even
>> with recent GNU/Linux systems. We have not fixed it.
>
> I thought the discussion concluded that a sudo user can do anything
> (like put stuff in root's ~/.bashrc), and that this isn't something that
> Emacs should worry about.
Oh, I see: The sploit here is that somebody has access to a user's
account, but doesn't know what the user's password is? So they place
something in the user's .emacs file that'll be run after the user does a
sudo and then starts Emacs as root?
Sounds kinda cumbersome when the attacker could just install a keylogger
for the user and so on...
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Re: Closing a privilege escalation, Davis Herring, 2018/04/25
Re: Closing a privilege escalation, Glenn Morris, 2018/04/25