Linked by Thom Holwerda on Thu 11th Jun 2009 10:00 UTC
Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.
Thread beginning with comment 368008
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: It is the Microsoft way
by MamiyaOtaru on Thu 11th Jun 2009 20:41
in reply to "RE[4]: It is the Microsoft way"
Member since:2005-11-11
RE[5]: It is the Microsoft way
by AnyoneEB on Fri 12th Jun 2009 01:25
in reply to "RE[4]: It is the Microsoft way"
Member since:2008-10-26
sudo asks for the user's password and does not ask for it again until for 5 minutes after the most recent sudo command by default. You can change that using the rootpw (set to ask for root password instead of user password) and timestamp_timeout (set to 0 to always ask for password) options in the sudoers file. See man sudoers or http://www.sudo.ws/sudo/man/sudoers.html for more information.
Also, sudo -k and -K options "kill" the record of sudo being used recently so the next sudo command will ask for a password. See man sudo or http://www.sudo.ws/sudo/man/sudo.html for more information.
Member since:
2007-01-24
No. Imagine if you forget your desktop unlocked when you leave your room.
The intruder would not can do administrative tasks because su - would ask the root password. But with sudo he could do everything.