From: Rafael Ramirez Morales <firstname.lastname@example.org> To: Tim Cross <email@example.com> Cc: firstname.lastname@example.org Subject: Re: bug#48676: Arbitrary code execution in Org export macros Date: Thu, 27 May 2021 15:35:25 +0200 [thread overview] Message-ID: <CAL1NY7bn3tzTim8_9YXRUNoQyyrabqyDqHzbYuE9iAKx-Qt+0A@mail.gmail.com> (raw) In-Reply-To: <email@example.com> [-- Attachment #1: Type: text/plain, Size: 1081 bytes --] Thanks, you managed to understand my question. I was wondeing if there was a risk of privilege escalation. Fortunately that seems not to be the case. El jue., 27 may. 2021 15:13, Tim Cross <firstname.lastname@example.org> escribió: > > Rafael Ramirez Morales <email@example.com> writes: > > > Just a couple of questions: > > who is the owner of the HELLO file? > > OR > > who is the owner of the "touch" process? > > > > Is the owner the unprivileged user or the "emacs" system? > > > > Thanks. > > > > Not clear exactly what your asking. The process which will execute the > 'touch' will be a sub-process of the process running Emacs. This will > typically be the user who executes Emacs and willl have the same > permissions and access rights as the user running Emacs. There is no > 'emacs' system and the privileges will be the same as the user who runs > Emacs. This is assuming a 'normal' installation, not some unusual setup > which uses setuid or similar to alter the way Emacs runs or the > ownership of files in a directory etc. > > [-- Attachment #2: Type: text/html, Size: 1594 bytes --]
prev parent reply other threads:[~2021-05-27 13:49 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-05-26 15:52 Glenn Morris 2021-05-26 17:07 ` Timothy 2021-05-26 18:00 ` Tom Gillespie 2021-05-26 23:01 ` Tim Cross 2021-05-27 2:54 ` Greg Minshall 2021-05-27 7:02 ` Rafael Ramirez Morales 2021-05-27 12:55 ` Tim Cross 2021-05-27 13:35 ` Rafael Ramirez Morales [this message]
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: https://www.orgmode.org/ * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAL1NY7bn3tzTim8_9YXRUNoQyyrabqyDqHzbYuE9iAKx-Qt+0A@mail.gmail.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: bug#48676: Arbitrary code execution in Org export macros' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Code repositories for project(s) associated with this inbox: https://git.savannah.gnu.org/cgit/emacs/org-mode.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).