[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sudo:: method in tramp possible security issue
From: |
Stefan Monnier |
Subject: |
Re: sudo:: method in tramp possible security issue |
Date: |
Tue, 20 Nov 2018 18:12:05 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
> In other words, what bothers me the most about the sudo:: method is
> the persistent sudo session that makes me vulnerable to attackers, and
> to my elisp developing mistakes. This is why I think a warning makes
> sense, or some visual way to identify this vulnerable state.
I guess it all depends on the sudo setup:
Can you run a shell via sudo? On those machines where I can do that,
I typically do "sudo zsh" and then live happily in my root shell.
But even you don't, after you've used sudo, there's a time window
during which sudo won't ask for your password and during which an
attacker could run "sudo sh" via start-process, regardless of Tramp.
If you can't run a shell via sudo, then Tramp's sudo method won't work
anyway.
Stefan
- Re: sudo:: method in tramp possible security issue, João Távora, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Paul Eggert, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Stefan Monnier, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Paul Eggert, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Stefan Monnier, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20
- Re: sudo:: method in tramp possible security issue, João Távora, 2018/11/20
- Re: sudo:: method in tramp possible security issue,
Stefan Monnier <=
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Filipp Gunbin, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, John Shahid, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, John Shahid, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20
Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20