Re: Closing a privilege escalation

[Tim Cross]

Agree. I don't think this is an issue emacs can address. It is really about how sudo is configured. On many systems, users with the 'admin' privilege can run sudo to execute any command, including sudo su - root. Once you have root, game over - e.g. I can easily edit .emacs of any user and there is little emacs can do to detect that (unless you want to go the over kill route of requiring a gpg key at startup to allow emacs to read an encrypted .emacs or similar). As Lars points out, once you have root, you can just as easily compromise some other part of the system or install a key logger or even a modified version of emacs itself. 

On 27 April 2018 at 07:05, Richard Stallman <address@hidden> wrote:

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I thought the discussion concluded that a sudo user can do anything
  > (like put stuff in root's ~/.bashrc), and that this isn't something that
  > Emacs should worry about.

A sudo-capable user can do all sorts of bad things while sudoing,
but that's not what we are talkin about.
Here the issue is what malicious code can do, while that user is NOT sudoing,
to arrange to take advantage later.  One way is by editing .emacs
so that it will do something bad next time the user runs Emacs under sudo.

Unfortunately, it seems there are many ways the code could do that,
which do not work by editing .emacs.  So trying to block that avenue
is ineffective.

--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

--

regards,

Tim

--

Tim Cross