From: Stefan Kangas Date: Wed, 23 Oct 2019 23:08:20 +0000 (+0200) Subject: Update FAQ section on Emacs security (Bug#37818) X-Git-Tag: emacs-27.0.90~898 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=61223a046c37d44f67e6600909439d32f8dd34f9;p=emacs.git Update FAQ section on Emacs security (Bug#37818) * doc/misc/efaq.texi (Security risks with Emacs): Remove section on movemail. Add section on third-party packages. --- diff --git a/doc/misc/efaq.texi b/doc/misc/efaq.texi index b45db4c84fe..0b7b6d9c9f2 100644 --- a/doc/misc/efaq.texi +++ b/doc/misc/efaq.texi @@ -3207,23 +3207,12 @@ You can tell Emacs the shell's current directory with the command @itemize @bullet @item -The @file{movemail} incident. (No, this is not a risk.) - -In his book @cite{The Cuckoo's Egg}, Cliff Stoll describes this in -chapter 4. The site at LBL had installed the @file{/etc/movemail} -program setuid root. (As of version 19, @file{movemail} is in your -architecture-specific directory; type @kbd{C-h v exec-directory -@key{RET}} to see what it is.) Since @code{movemail} had not been -designed for this situation, a security hole was created and users could -get root privileges. - -@code{movemail} has since been changed so that this security hole will -not exist, even if it is installed setuid root. However, -@code{movemail} no longer needs to be installed setuid root, which -should eliminate this particular risk. - -We have heard unverified reports that the 1988 Internet worm took -advantage of this configuration problem. +Third party packages. + +Any package you install into Emacs can run arbtitrary code with the +same privileges as the Emacs process itself. Be aware of this when +you use the package system (e.g. @code{M-x list-packages}) with third +party archives. Use only third parties that you can trust! @item The @code{file-local-variable} feature. (Yes, a risk, but easy to
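Review bot: the added paragraph has a typo, "arbtitrary" should be "arbitrary", and "Third party packages." / "third party archives" should be hyphenated as "Third-party packages." / "third-party archives" to match the commit message's own "third-party packages". The new item also drops the parenthetical verdict that the neighbouring items carry (the removed item read "(No, this is not a risk.)" and the following item reads "(Yes, a risk, but easy to"), so consider adding "(Yes, a risk.)" after "Third-party packages." so the list stays consistent.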