[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Closing a privilege escalation
From: |
Richard Stallman |
Subject: |
Re: Closing a privilege escalation |
Date: |
Thu, 26 Apr 2018 17:01:34 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> And this exploit code could just as well not wait to be run as root and
> instead install a key-logger on `sudo`, after which the attacker can
> `sudo` to run any code it wants.
Maybe it is possible to figure out ways to make it impossible to set
up a phony sudo command. But that would require several new security
features. I don't know whether such features are possible or not.
It would be worth studying, but it isn't related to Emacs.
So I guess we can forget about trying to solve the rewritten .emacs
problem.
--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.