[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28618: Emacs Security Issue
|
From: |
Noam Postavsky |
|
Subject: |
bug#28618: Emacs Security Issue |
|
Date: |
Thu, 28 Sep 2017 07:25:32 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux) |
tags 28618 + unreproducible
quit
Dor Azouri <dor.azouri@safebreach.com> writes:
> Reproduction steps:
> ===================
> 1) Add the following ELisp line of code to the init file. It will be
> loaded on startup and execute the command “touch /stub.file”, when “~
> /.emacs.d/” is the working directory.
> (let ((default-directory "~/.emacs.d/")) (shell-command
> "touch /stub.file"))
> 2) Wait for the user to invoke Emacs in elevated mode. The owner of
> the newly created stub file is root.
As Glenn noted, this doesn't actually work: 'sudo emacs' uses
/root/.emacs, not ~/.emacs.
~$ sudo id
uid=0(root) gid=0(root) groups=0(root)
~$ echo '(let ((default-directory "~/.emacs.d/")) (shell-command "touch
/stub.file"))' > .emacs
~$ emacs # *Messages* has "touch: cannot touch '/stub.file': Permission denied"
~$ ls /stub.file
ls: cannot access '/stub.file': No such file or directory
~$ sudo emacs
~$ ls /stub.file
ls: cannot access '/stub.file': No such file or directory