UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"
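A defender's view of the technique the summary describes, as an added example that is not part of the original story or thread: a triage pass over remote-thread telemetry that flags threads created inside a whitelisted binary by a caller outside the system directory. It assumes events exported as JSON lines with Sysmon Event ID 8 field names; the sample events, the watch list beyond `rundll32.exe`, and the trusted-directory list are constructed for illustration.

```python
import json
from ntpath import basename, normcase

# Constructed sample events, one JSON object per line. Field names follow
# Sysmon Event ID 8 (CreateRemoteThread); the export shape is an assumption.
SAMPLE_EVENTS = r'''
{"EventID": 8, "SourceImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe", "TargetImage": "C:\\Windows\\System32\\rundll32.exe", "StartModule": "-"}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\rundll32.exe", "StartModule": "C:\\Windows\\System32\\kernel32.dll"}
{"EventID": 8, "SourceImage": "C:\\Users\\bob\\tool.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "StartModule": "-"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\rundll32.exe"}
{"EventID": 8, "SourceImage": "C:\\Program Files\\Tool\\helper.exe", "TargetImage": "C:\\Windows\\System32\\RUNDLL32.EXE", "StartModule": "C:\\Windows\\System32\\kernel32.dll"}
'''

WATCHED_TARGETS = {"rundll32.exe"}                   # binary named in the summary
TRUSTED_SOURCE_DIRS = ("c:\\windows\\system32\\",)   # assumption: tune per site


def triage(event):
    """Return (severity, reason) for a suspicious event, else None."""
    if event.get("EventID") != 8:
        return None                                  # not a remote-thread event
    source = normcase(event.get("SourceImage", ""))
    target = normcase(event.get("TargetImage", ""))
    if basename(target) not in WATCHED_TARGETS:
        return None
    if source.startswith(TRUSTED_SOURCE_DIRS):
        return None                                  # OS component as the caller
    # A start address outside every loaded module suggests code that was
    # written into the target at run time rather than loaded from disk.
    if event.get("StartModule", "-") in ("", "-"):
        return ("high", "thread start not backed by a module")
    return ("medium", "remote thread from untrusted path")


def scan(jsonl):
    """Return a list of (line_no, severity, reason) for flagged events."""
    alerts = []
    for line_no, line in enumerate(jsonl.strip().splitlines(), start=1):
        verdict = triage(json.loads(line))
        if verdict:
            alerts.append((line_no, verdict[0], verdict[1]))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The source-path check is a coarse heuristic; pairing it with signer information for the calling image gives a stronger allow list.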
Re:..bungle, bungle.... (Score:3, Informative)
He's talking about use in a business. They're not going to have a different OS on every desktop. They either keep buying XP with each new PC or they upgrade all existing PCs.
Re:Good thing it's a beta (Score:3, Informative)
Bull-Shit
People do not tend to use "admin accounts" for day to day tasks on OSX. You have no idea what you are even talking about. OSX uses a sudo mechanism to elevate privileges (after authentication) for processes.
It is not annoying, and fairly secure. The design is possible since they are based on a proper multi-user OS (BSD) and multi user and privilege separation is not an afterthought.
Re:OSX UAC (Score:5, Informative)
Re:No Script Bragging -- please stop (Score:5, Informative)
You don't know anything of what you speak.
No Script is about MY having the choice of whether to run an arbitrary program on MY computer. I set up the whitelist, and I decide whether to make an exception.
My ruff & reddy rules of usage:
Web pages that are using scripts from three different sources are not uncommon any more. Web pages that are using scripts from 5 or 6 sources are not rare. There are web pages that are using sources that in turn draw on other sources. When running NoScript, I decide not only whether I trust the developer of this web page, but whether I trust his judgment about the scripts that he is importing from elsewhere. I decide how wide I will let the circle of trust get.
It's really a no-brainer. If you recognize the possibility that you might do something of value with the computer you are using, then use NoScript or something like that as a low cost method of protecting that potential. Otherwise, I would appreciate it if you would disconnect your virus infected, zombied machine from the internet, because your negligence is diminishing the common good.
Re:OSX UAC (Score:3, Informative)
Actually, what it has is essentially like sudo but with a graphical authentication system. (The authentication controls allow a fairly large amount of flexibility, but one of its major purposes is a gateway to setuid.)
If you've ever written these sorts of programs, it's not "mind-boggling" at all. The Terminal will let you sudo-run any command you want; of course you can do it through the Terminal. They haven't covered in the Finder every possible situation you might need privilege escalation -- they have to call the authentication and escalation themselves.
Re:No Script Bragging -- please stop (Score:5, Informative)
[ ] You know that most security holes needing little to no user interaction require JavaScript to function properly.
[ ] You know that NoScript can also block other techniques (Flash, Java) that are posing security risks.
No?
Re:If it was easy-- (Score:3, Informative)
Microsoft's behavior with Excel reflects their general behavior. They have taken YEARS to patch bugs like the CSRSS backspace exploit (unprivileged bug causing complete crash of system).
Re:If it was easy-- (Score:3, Informative)
The main reason for requiring admins to use sudo is accountability - all actions can be properly logged and audited. That's not possible if you allow admins to su to root or login as root. In any environment of any consequence that has multiple admins with (possibly individually varying levels of) root privileges, using sudo is the sensible and secure way to do it.