bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#12632: file permissions checking mishandled when setuid


From: Paul Eggert
Subject: bug#12632: file permissions checking mishandled when setuid
Date: Fri, 19 Oct 2012 12:36:54 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121009 Thunderbird/16.0

On 10/19/2012 12:05 PM, Glenn Morris wrote:

> I doubt anyone is running setuid Emacs anywhere

People do it all the time, often unwittingly, typically by
having setuid or settgid scripts that end up invoking an
editor.  I've run into the problem myself.

But I agree that this bug is not a new one.  The first bug
report I could find for it was from Chris Torek, dated 1983!
I suppose that if Emacs users have lived with this security
hole for three decades, they can live with it for a while
longer.  So I reverted the change from the trunk.

Here's a copy of Torek's report:

http://www.megalextoria.com/usenet-archive/news005f1/b12/net.emacs/00000104.html





reply via email to

[Prev in Thread] Current Thread [Next in Thread]