|
From: | Phil Sainty |
Subject: | bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal? |
Date: | Wed, 06 Jun 2018 03:51:10 +1200 |
User-agent: | Orcon Webmail |
On 2018-06-06 03:35, Phil Sainty wrote:
On 2018-06-06 02:38, Eli Zaretskii wrote:Having a fixed file name in Emacs that is loaded by an external signal would be a terrible security risk, no?Bad Things could surely be done; but if the attacker has access to send signals to the user's emacs process or write files in the user's ~/.emacs.d directory, has a terrible security breach not already occurred? The notion of an attacker gaining access to a running Emacs session is certainly bad, but I'm unsure whether the proposed idea really worsens the risk in principle?
In fact if you normally run emacs as a server you're opening up the same security risk, no? An attacker who could send a signal to an emacs process can also run emacsclient to access an existing server; and I don't think we consider the practice of running an emacs server to be a terrible security risk. -Phil
[Prev in Thread] | Current Thread | [Next in Thread] |