Vigil@nce: Emacs, code execution via emacs.py
September 2008 by Vigil@nce
A local attacker can create the emacs.py file in order to execute code with privileges of the Emacs user.
Consequences: user access/rights
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 09/09/2008
Unix - plateform
The Emacs editor supports the Python language:
the "run-python" command executes a Python program
in "eldoc-mode" mode, the command "run-python" is called when a Python file is opened
When "run-python" is executed, the "emacs.py" configuration file is searched and automatically run. However, this file is first searched in the current directory.
An attacker can therefore create an "emacs.py" file in a directory, and invite the victim to open a Python file in this same directory, in order to force the code from "emacs.py" to be executed.
Identifiers: BID-31052, VIGILANCE-VUL-8096