I keep telling you, sudo just doesn't cut it (Score: 0)
It's gotta be UAC after all
https://blogs.msdn.microsoft.com/aaron_margosis/2007/06/29/faq-why-can... [microsoft.com]
The designers of Windows Vista's User Account Control expressly decided not to incorporate functionality like setuid/suid or sudo found in Unix and Unix-like OSes such as Mac OS X. I think they made the right decision.
at least as important – how do you ensure that malware that has infected the user's session cannot drive a setuid application programmatically to take over the system? Ensuring strict behavioral boundaries for complex software running with elevated privileges is (at best) incredibly difficult. And ensuring that it is free of exploitable design and implementation bugs is far beyond the capabilities of software engineering today.
Privilege escalation due to setuid and sudo has plagued Unix-like systems for many years, and continues to do so. In fact, several of the bugs in the recent Month of Apple Bugs fell into this category.
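Re: (Score: 0)
Idiots who use a GUI on a server
Re: (Score: 0)
What era of Windows Server are you talking about lol
Re: (Score: 0)
No matter how many times it's said, you deliberately ignore the "UAC is not a security feature in the first place" part. Nice spin job.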
https://blogs.msdn.microsoft.com/e7/2009/02/05/update-on-uac/ [microsoft.com]
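Re: (Score: 0)
Was the UAC bypass that abuses files with autoElevate set to true, which has caused problems many times in the past, ever fundamentally fixed?
Re: (Score: 0)
It's not a bug, it's by design.
If it bothers you, disable auto-elevation.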
There are really only two effectively distinct settings for the UAC slider [microsoft.com]
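Re: (Score: 0)
Even with UAC enabled, don't use an administrator account.
Use a standard user account day to day and type the password into the elevation prompt every time.
Re: (Score: 0)
Disabling auto-elevation would probably help,
but wasn't it the case that whether your everyday account is an administrator account doesn't matter?
For example, for attacks like the one in the blog post below, wasn't the point that
you can get infected even when logged in as a standard user?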
https://www.mbsd.jp/blog/20171012.html [www.mbsd.jp]