emacs-devel

Re: sudo:: method in tramp possible security issue


From: Stefan Monnier
Subject: Re: sudo:: method in tramp possible security issue
Date: Tue, 20 Nov 2018 18:12:05 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

> In other words, what bothers me the most about the sudo:: method is
> the persistent sudo session that makes me vulnerable to attackers, and
> to my elisp developing mistakes.  This is why I think a warning makes
> sense, or some visual way to identify this vulnerable state.

I guess it all depends on the sudo setup:

Can you run a shell via sudo?  On those machines where I can do that,
I typically do "sudo zsh" and then live happily in my root shell.
But even if you don't, after you've used sudo, there's a time window
during which sudo won't ask for your password and during which an
attacker could run "sudo sh" via start-process, regardless of Tramp.

If you can't run a shell via sudo, then Tramp's sudo method won't work
anyway.


        Stefan


