[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Closing a privilege escalation
From: |
Stefan Monnier |
Subject: |
Re: Closing a privilege escalation |
Date: |
Wed, 25 Apr 2018 13:09:19 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
> A normal (uncompromised) user account inadvertently installs a malicious
> Emacs package that contains exploit code that waits to be run as root.
At that point, the account *is* compromised.
And this exploit code could just as well not wait to be run as root and
instead install a key-logger on `sudo`, after which the attacker can
`sudo` to run any code it wants.
> This entire class of exploit can be avoided by suitable sudo options
> (always_set_home etc), but that doesn't necessarily mean that Emacs
> should not do something about it.
I think running as UID=0 with $HOME pointing to a directory writable (or
containing files writable) by non-root users is fundamentally insecure.
More generally $HOME should point to a directory which is only writable
by users of higher-or-equal privilege-level.
> It seems to me, that "if UID = 0, set user-init-file, user-emacs-directory
> etc to those of root" is a simpler solution that the one you propose.
We could try and paper over the problem this way, indeed.
Rather than (re)set user-init-file and user-emacs-directory, I'd rather
reset $HOME altogether (and stash the old value somewhere, so
~root/.emacs can still read that user's ~/.emacs if they *really* want),
tho, and emit a warning message while doing it, of course, so the user
isn't caught by surprise.
Stefan
- Re: Closing a privilege escalation, (continued)
- Re: Closing a privilege escalation, Richard Stallman, 2018/04/25
- Re: Closing a privilege escalation, Lars Ingebrigtsen, 2018/04/26
- Re: Closing a privilege escalation, Lars Ingebrigtsen, 2018/04/26
- Re: Closing a privilege escalation, Richard Stallman, 2018/04/26
- Re: Closing a privilege escalation, Tim Cross, 2018/04/26
- Re: Closing a privilege escalation, Richard Stallman, 2018/04/27
- Re: Closing a privilege escalation, Marcin Borkowski, 2018/04/27
- Re: Closing a privilege escalation, Clément Pit-Claudel, 2018/04/27
Re: Closing a privilege escalation, Davis Herring, 2018/04/25
Re: Closing a privilege escalation, Glenn Morris, 2018/04/25