[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emacsclient socket ownership
From: |
Yuri Khan |
Subject: |
Re: emacsclient socket ownership |
Date: |
Fri, 2 Nov 2018 23:53:03 +0700 |
On Fri, Nov 2, 2018 at 10:39 PM Stefan Monnier <address@hidden> wrote:
>
> > It checks if the socket is owned by the same user (function socket_status).
> > If the user is root, however, this check is ignored (master emacsclient
> > line 1370). Is this not a security issue? Any user can create a socket
> > /tmp/emacs0/server, and root emacsclient will use it.
>
> Sounds like a security issue, yes: root may end up talking to some other
> user's Emacs.
Talking, in and of itself, is not a vulnerability. Can the limited
user’s server.el actually entice the root’s emacsclient to do
something that user would not be able to do?
Re: emacsclient socket ownership, Glenn Morris, 2018/11/04
- Re: emacsclient socket ownership, Paul Eggert, 2018/11/05
- Re: emacsclient socket ownership, Stefan Monnier, 2018/11/05
- Re: emacsclient socket ownership, Paul Eggert, 2018/11/05
- Re: emacsclient socket ownership, Daniel Pittman, 2018/11/06
- Re: emacsclient socket ownership, Stefan Monnier, 2018/11/06