Bugtraq mailing list archives
Re: Graphiciizing su for NT WAS: RE: XML in IE 5.0
From: jjohanss () BU EDU (Jesper M. Johansson)
Date: Fri, 21 Jan 2000 10:21:12 -0500
It is possible to run 2 (or more) complete desktops as your self and
another
user (like domain admin) with res kit utils. Most people have
mentioned the
su included in the res kit, you just have to combine it with a desktop switcher like vdesk (also res kit). Switch to another desktop, run
explorer
via su and viola a fully graphical environment (the first explorer run creates the desktop, and subsequent ones open file explorer windows)
There are several problems with vdesk. First, it is not terribly stable, although for some uses, stable enough. The second problem is more insidious:
3. Open User Manager, select the local machine and add the following
rights
to the user who will run vdesk (normally the standard user ID) . 1. "Act as part of the operating system" 2. "Increase quotas" 3. "Replace a process level token"
If I give a regular user these rights, I have defeated much of the rationale for running as a regular user in the first place. That's the larger problem. I want to be able to run as a highly unprivileged user, not one that can act as the TCB. Jesper
Current thread:
- Graphiciizing su for NT WAS: RE: XML in IE 5.0 SanMillan, Todd (Jan 19)
- (no subject) Morris, Joseph L. (Jan 21)
- Re: Graphiciizing su for NT WAS: RE: XML in IE 5.0 Jesper M. Johansson (Jan 21)