The designers of Windows Vista's User Account Control expressly decided not to incorporate functionality like setuid/suid or sudo found in Unix and Unix-like OSes such as Mac OS X. I think they made the right decision.
at least as important – how do you ensure that malware that has infected the user's session cannot drive a setuid application programmatically to take over the system? Ensuring strict behavioral boundaries for complex software running with elevated privileges is (at best) incredibly difficult. And ensuring that it is free of exploitable design and implementation bugs is far beyond the capabilities of software engineering today.
Privilege escalation due to setuid and sudo has plagued Unix-like systems for many years, and continues to do so. In fact, several of the bugs in the recent Month of Apple Bugs fell into this category.
だーから言ってんじゃねえかよおsudoじゃ駄目なんだよ (スコア:0)
やっぱUACじゃねえとな
https://blogs.msdn.microsoft.com/aaron_margosis/2007/06/29/faq-why-can... [microsoft.com]
The designers of Windows Vista's User Account Control expressly decided not to incorporate functionality like setuid/suid or sudo found in Unix and Unix-like OSes such as Mac OS X. I think they made the right decision.
at least as important – how do you ensure that malware that has infected the user's session cannot drive a setuid application programmatically to take over the system? Ensuring strict behavioral boundaries for complex software running with elevated privileges is (at best) incredibly difficult. And ensuring that it is free of exploitable design and implementation bugs is far beyond the capabilities of software engineering today.
Privilege escalation due to setuid and sudo has plagued Unix-like systems for many years, and continues to do so. In fact, several of the bugs in the recent Month of Apple Bugs fell into this category.
Re:だーから言ってんじゃねえかよおsudoじゃ駄目なんだよ (スコア:0)
何度言っても「UACはそもそもセキュリティ機能ではない」のほうは故意に無視する印象操作乙
https://blogs.msdn.microsoft.com/e7/2009/02/05/update-on-uac/ [microsoft.com]