[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sudo:: method in tramp possible security issue
From: |
Michael Albinus |
Subject: |
Re: sudo:: method in tramp possible security issue |
Date: |
Wed, 21 Nov 2018 08:41:55 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
João Távora <address@hidden> writes:
> Tramp's sudo method needs your credentials. If you don't provide
> them, Tramp cannot do anything.
>
> Like calling sudo in a terminal.
>
> It's not exactly like calling sudo in a terminal, because when you
> use sudo you generally:
>
> 1. perform a one time action and are back at a non-sudo prompt; OR
> 2. start an interactive superuser session that easy to identify
> visually
> and for which there isn't a programmatic way for other programs
> to interfere
>
> In other words, what bothers me the most about the sudo:: method is
> the persistent sudo session that makes me vulnerable to attackers, and
> to my elisp developing mistakes. This is why I think a warning makes
> sense, or some visual way to identify this vulnerable state.
There is already a "visual way to identify this state". It is called
tramp-theme, a GNU ELPA package.
This is documented in the Tramp manual, see (info "(tramp) Frequently Asked
Questions")
Again, nobody reads the manual :-(
The command `tramp-cleanup-connection' closes any background session for
a Tramp connection, including removing cached passwords. Maybe we shall
call this for sudo/su methods automatically after a given timeout, like
the password expiration for sudo in a terminal. 5 minutes seem to be a
sensible value to me.
> João
Best regards, Michael.
- Re: sudo:: method in tramp possible security issue, João Távora, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Paul Eggert, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Stefan Monnier, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Paul Eggert, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Stefan Monnier, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20
- Re: sudo:: method in tramp possible security issue, João Távora, 2018/11/20
- Re: sudo:: method in tramp possible security issue, Stefan Monnier, 2018/11/20
- Re: sudo:: method in tramp possible security issue,
Michael Albinus <=
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Filipp Gunbin, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, John Shahid, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
- Re: sudo:: method in tramp possible security issue, John Shahid, 2018/11/21
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21
Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20
Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20