funsec mailing list archives
Re: Administrator Accounts
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 22 Feb 2006 19:41:31 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Nick FitzGerald wrote:
Vicky Røde wrote:According to uac's own blog (http://blogs.msdn.com/uac/), users will run as a standard user even administrators. vista will be implementing something similar to sudo to which i say, about time.So the security model of Vista is designed to deliberately (and irreversably??) break all those "mission critical" apps written way back before any cared that much about security (because they hadn't heard about that "Internet thing" yet) and all those more recent apps written by a pack of gibbons that (read my recent post in this thread for the rest...)?? Wow -- that will ensure no-one runs it...
The post you're responding to vastly oversimplifies it. UAP (or UAC now) causes the interactively logged-on administrator to run as a normal user. However, Vista allows you to selectively elevate an application to full privilege which can be used to run one of those least-privilege disasters with your full rights. Vista uses Application Impact Management (AIM) to handle some of those applications that write in 'no-no' directories like the system directory or their install folders. If access is denied to the location of a write attempt to resources like the registry or a file (e.g., a temporary file in a poorly-thought-out place, as you outline), the user gets his/her own copy of the file and can continue to use the application as if it were able to alter the file in question. This is the root of the groan at "poly-instantiated" files earlier in the thread. If a broken application writes to the system directory, program files, etc., it will silently be redirected into a user-only directory that will contain the modified files. I can picture a few nightmare scenarios that would massively clog up that shadow directory (e.g., applications that assume users are able to install software updates), but I'd imagine that AIM could be enabled/disabled on a case-by-case basis. If AIM is implemented in a reasonably intelligent manner (not a given, necessarily) it could very well eliminate a few of the needless administrative-privilege dependencies in today's applications. Some apps will continue to require full administrative privileges, simply because they use functionality that shouldn't be accessible to users. These include things like Backup, Policy Editors, etc. If you're an administrator limited by Vista's UAC, you can elevate those applications up to full rights with the click of a button. - -- "Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38 iD8DBQFD/RLLfp4vUrVETTgRA/XYAKCGclsY6wpUReXFjLZZU4TV59ne4gCaA2G5 wiYJOlPq7FfE28Ak7QPwYBo= =/4AS -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Administrator Accounts, (continued)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Vicky Røde (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- Re: Administrator Accounts James Kehl (Feb 23)
- Re: Administrator Accounts Matthew Murphy (Feb 23)
- Re: Administrator Accounts Blue Boar (Feb 23)
- Re: OT Ferrari Enzo crash Dude VanWinkle (Feb 22)
- Message not available
- Re: OT Ferrari Enzo crash Brian Loe (Feb 22)