Text Editor Plugins Can Leave Users Susceptible to Getting Hacked
Whether you are a writer, developer, or designer, a good text editor will always help you save time and work more efficiently. For example, I often utilize Sublime whilst programming because it contains useful tools, such as syntax highlighting and autocomplete.
These advanced text editors also offer users extensibility, by enabling them to install and operate 3rd party plugins. These plugins extend the editor’s functionality and above all its scope.
However, it is commonly known that third-party plugins can expose users to being hacked. Whether it is WordPress plugins, Windows extensions for Chrome, Mozilla Firefox or even Photoshop, many third-party add-ons pose a serious threat.
SafeBreach researcher Dor Azouri examined several popular extensible text editors for Unix and Linux systems, such as Sublime Text, Vim, Emacs, Gedit, and pico/nano. He found that all of them except pico/nano were susceptible to a crucial privilege escalation flaw which can be exploited by hackers.
According to Azouri’s paper, this method succeeds no matter which file is being opened in the editor, so the limitations commonly applied to ‘sudo’ commands do not protect against it.
Technical users will occasionally have to edit root-owned files, and for that purpose they’ll open their editor with elevated privileges, using ‘sudo.’
There are various reasons to elevate the rights of an editor. The problem lies in the way these text editors load plug-ins.
According to Azouri, there is an inadequate separation of regular and elevated modes when loading plugins for these editors. The integrity of their folder permissions isn’t correctly maintained, which can allow attackers with regular user permissions to elevate their privileges and execute arbitrary code on the user’s computer.
A simple malvertising campaign may allow attackers to spread a malicious extension for vulnerable text editors, enabling them to run malicious code with elevated privileges and install malware that can remotely take full control of targeted computers.
Azouri suggests that Unix users use an open source server-based intrusion detection system, known as OSSEC, to actively monitor system activity, file integrity, logs, and processes. Users should steer clear of loading third-party plugins when the editor is elevated, and deny write permissions for non-elevated users.
Azouri advised developers of text editors to change the folder and file permission models to complete the separation between regular and elevated modes. As well, when it is possible, they should provide a manual interface for users to approve the elevated loading of plugins.
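To check the user-side advice above on a given machine, the following Python script (an added example, not code from Azouri's paper or from this post) lists every entry in an editor's plugin folders that an account other than root could modify before an elevated editor loads it. The folder list, the function names and the choice of uid 0 as the trusted owner are assumptions; adjust them to the editors installed on the host.

```python
import os
import stat

# Assumed per-user plugin locations (not listed in the article); adjust per host.
DEFAULT_PLUGIN_DIRS = [
    "~/.vim/plugin",
    "~/.emacs.d",
    "~/.config/sublime-text-3/Packages",
    "~/.local/share/gedit/plugins",
]

def audit_plugin_tree(root, trusted_uid=0):
    """Return (path, reason) for every entry under root that an account
    other than trusted_uid could modify before an elevated editor loads it."""
    findings = []
    root = os.path.expanduser(root)
    if not os.path.lexists(root):
        return findings  # editor not installed or no plugin folder yet
    paths = [root]
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))  # target may sit outside the tree
            continue
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world writable"))
    return findings

def audit_all(dirs=DEFAULT_PLUGIN_DIRS, trusted_uid=0):
    """Audit every configured plugin folder and merge the findings."""
    return [f for d in dirs for f in audit_plugin_tree(d, trusted_uid)]

if __name__ == "__main__":
    for path, reason in audit_all():
        print(f"{reason}: {path}")
```

Run it as the regular user whose home directory the elevated editor would read; any line it prints is a file or folder to re-own or lock down, or a reason not to start that editor under sudo.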
Share your thoughts!
At Milcom Services, we find Sublime to be our preferred text editor because of its simple format and useful tools. Let us know in the comments which text editors you find the most useful and why.