17 Mar 2018

It is always best to use a good text editor, as it saves time and makes your work more efficient. Text editors such as Sublime are very helpful because they offer tools like syntax highlighting and autocomplete that make programming easier. These editors are also user-extensible: the user can install and run third-party plugins that extend the editor's functionality and scope.

But it is evident that third-party plugins are prone to abuse, whether they are WordPress plugins or Windows extensions for Chrome, Firefox or Photoshop.

SafeBreach researcher Dor Azouri examined numerous popular extensible text editors for Unix and Linux, including Sublime, Vim, Emacs, Gedit, and pico/nano, and found that all of them are vulnerable to a critical privilege escalation flaw that attackers could use to run malicious code on a victim's machine.

The technique works whether or not a file is actually opened in the editor, so even the restrictions commonly applied to sudo commands might not protect against it. Technical users sometimes need to edit root-owned files, and they open their editor with elevated privileges using sudo; there are many valid reasons to elevate an editor's privileges.

The issue lies in the way these text editors load plugins: there is insufficient separation between regular and elevated modes when plugins are loaded.

The integrity of the plugin folders' permissions is not maintained, which lets an attacker who already has regular user permissions elevate those privileges and execute arbitrary code on the user's machine.

A simple malicious advertising campaign would allow attackers to spread a malicious extension for a vulnerable text editor, enabling them to run code with elevated privileges, install malware and remotely take full control of the targeted computers.

Unix users can use OSSEC, an open-source host-based intrusion detection system, to actively monitor system activity, file integrity, logs, and processes.

Users should avoid loading third-party plugins while the editor is running elevated. They should also deny non-elevated users write permission on the folders the elevated editor loads plugins from.
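The following POSIX shell audit is an added example, not part of the original post or of SafeBreach's research. It checks the condition the flaw depends on and the advice above tells users to remove: plugin-folder entries that someone other than the owner can write to, so that a plugin loaded by a sudo-run editor could have been planted or altered by an unprivileged account. The demo directory and file names it creates are constructed for illustration; the real plugin paths differ per editor and are not taken from the article.

```shell
#!/bin/sh
# Added example (not from the original article): audit a directory that an
# editor may read while running under sudo and flag anything a non-elevated
# user could modify. All demo paths and file names below are assumptions.

# Print every file or directory under $1 whose group or other write bit is set.
# Octal -perm -020 / -perm -002 is POSIX, so this works with GNU, BSD and busybox find.
list_loosely_writable() {
    find "$1" \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the number of loosely writable entries under $1 on stdout.
count_loosely_writable() {
    list_loosely_writable "$1" | wc -l | tr -d ' '
}

# Print entries under $1 not owned by root. Only meaningful for folders that
# are supposed to be root-controlled (plugins an elevated editor loads).
list_non_root_owned() {
    find "$1" ! -user root -print 2>/dev/null
}

# Build a constructed demo tree standing in for a plugin folder (assumption:
# a real one would be something like an editor's package or plugin directory).
make_demo_plugin_dir() {
    d=$(mktemp -d)
    printf 'print("ok")\n' > "$d/good_plugin.py"
    chmod 0644 "$d/good_plugin.py"          # owner-only write: fine
    printf 'print("tamperable")\n' > "$d/bad_plugin.py"
    chmod 0666 "$d/bad_plugin.py"           # world-writable: flagged
    mkdir "$d/shared"
    chmod 0775 "$d/shared"                  # group-writable: flagged
    printf '%s\n' "$d"
}

# Audit $1: report findings on stderr and return 1 so cron or a host
# monitoring tool can alert on the non-zero status.
audit_plugin_dir() {
    n=$(count_loosely_writable "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARNING: $n entries under $1 are writable by non-owners:" >&2
        list_loosely_writable "$1" >&2
        return 1
    fi
    echo "OK: no group/other-writable entries under $1"
    return 0
}

# Stand-alone run: build the demo tree, audit it, then clean up.
demo=$(make_demo_plugin_dir)
audit_plugin_dir "$demo" || true
rm -rf "$demo"
```

Run it against the real plugin folders of an editor you start with sudo; a clean result means no regular user could have dropped or edited a plugin there, which is exactly the write access the advice above says to deny. The `list_non_root_owned` check is the stricter companion for folders that only root should populate.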

Azouri advised text editor developers to change their folder and file permission models so that regular and elevated modes are fully separated, and to add a manual interface through which users approve the loading of plugins in elevated mode.
