[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure_getenv + windows
From: |
Bruno Haible |
Subject: |
Re: secure_getenv + windows |
Date: |
Sun, 29 May 2016 23:49:41 +0200 |
User-agent: |
KMail/4.8.5 (Linux/3.8.0-44-generic; KDE/4.8.5; x86_64; ; ) |
Paul,
> Thanks, that all looks good to me.
OK, I've pushed it.
> I don't know the distinction between runas and runas /env
[1] explains it. I don't think there is a security pitfall here: The
responsibility is with the user who runs a 'runas' command or installs
a scripts that runs 'runas'.
> I was concerned that simply using getenv would introduce security problems.
> Bruno's patch contains a comment
> containing the sort of explanation I was looking for.
More details:
The security problems are mitigated by the fact that the OS asks the user
before running a program with elevated privileges - even in the case where
the executable is configured to always run with elevated privileges [2].
In native Windows, a program cannot run code with elevated privileges
without the user being aware of it. There is the "task scheduler trick" [3]
but it too requires action by an administrator.
Bruno
[1] http://ss64.com/nt/runas.html
[2]
http://superuser.com/questions/604927/how-do-i-configure-my-application-to-run-as-administrator-automatically
[3]
http://www.howtogeek.com/howto/windows-vista/create-administrator-mode-shortcuts-without-uac-prompts-in-windows-vista/