Re: emacsclient socket ownership

[Stefan Monnier]

> It checks if the socket is owned by the same user (function socket_status).
> If the user is root, however, this check is ignored (master emacsclient
> line 1370). Is this not a security issue? Any user can create a socket
> /tmp/emacs0/server, and root emacsclient will use it.

Sounds like a security issue, yes: root may end up talking to some other
user's Emacs.  This seems to date back to

    commit 9f637eea618b3b6b764b92405a480c254756f94a
    Author: Gerd Moellmann <address@hidden>
    Date:   Fri Jan 28 15:02:20 2000 +0000

        (socket_status): New function.
        (main): if $LOGNAME or $USER exist and differ from our euid, look
        for a socket based on the UID associated with the name.

so it's likely meant for the case where you `su` (or `sudo`) and want to
use emacsclient from root but connect to your main (non-root) Emacs server.

Not sure how to reconcile the two.  I guess the risk is reduced in
practice for the following reason: server.el should hopefully signal an
error if it can't create&own /tmp/emacsUID/server, so emacsclient only
risks connecting to a wrong Emacs if:
- you forgot to start your Emacs server.
- your Emacs failed to start and you didn't notice it.
- server.el did not check things carefully enough and the attacker
  managed to replace your socket with his (e.g. /tmp/emacsUID/ or /tmp is
  somehow writable for the attacker).


        Stefan