Linked by Thom Holwerda on Thu 11th Jun 2009 10:00 UTC
Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.
Thread beginning with comment 368008
RE[4]: It is the Microsoft way
by shiva on Thu 11th Jun 2009 20:19 UTC in reply to "RE[3]: It is the Microsoft way"
shiva Member since:
2007-01-24

No. Imagine if you forget your desktop unlocked when you leave your room.

The intruder would not be able to do administrative tasks because su - would ask for the root password. But with sudo he could do everything.

Reply Parent Score: 2

MamiyaOtaru Member since:
2005-11-11

assuming he knows your password? wat?

Reply Parent Score: 2

AnyoneEB Member since:
2008-10-26

sudo asks for the user's password and does not ask for it again until 5 minutes after the most recent sudo command by default. You can change that using the rootpw (set to ask for root password instead of user password) and timestamp_timeout (set to 0 to always ask for password) options in the sudoers file. See man sudoers or http://www.sudo.ws/sudo/man/sudoers.html for more information.

Also, sudo -k and -K options "kill" the record of sudo being used recently so the next sudo command will ask for a password. See man sudo or http://www.sudo.ws/sudo/man/sudo.html for more information.

Reply Parent Score: 3
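
The two sudoers options named in the comment above, as an added example that is not part of the thread or of sudo itself: a shell function that reads a sudoers-style file and reports whose password sudo asks for and when it asks again. The function name, output format and sample file are assumptions made for this illustration; the 5-minute default is the one stated in the comment.

```shell
# Added example. Reads only unscoped "Defaults" lines; Defaults:user,
# Defaults@host, include directives and line continuations are not handled.
sudoers_prompt_policy() {
    # $1: sudoers-style file.
    # Prints "password=<whose> timeout=<minutes> reprompt=<mode>".
    awk '
        BEGIN { who = "user"; timeout = 5 }   # 5 = default stated in the thread
        { sub(/#.*/, "") }                    # drop comments
        $1 != "Defaults" { next }             # skip rules and scoped Defaults
        {
            sub(/^[ \t]*Defaults[ \t]+/, "")
            n = split($0, opts, ",")          # one line may carry several options
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "rootpw")  who = "root"
                if (o == "!rootpw") who = "user"
                if (o ~ /^timestamp_timeout=/) { sub(/^[^=]*=/, "", o); timeout = o }
            }
        }
        END {
            mode = "after-timeout"                 # cached until the timeout passes
            if (timeout + 0 == 0) mode = "always"  # every sudo command prompts
            if (timeout + 0 < 0)  mode = "never"   # sudoers manual: no expiry
            printf "password=%s timeout=%s reprompt=%s\n", who, timeout, mode
        }
    ' "$1"
}

# Constructed sample input, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sudoers fragment
Defaults env_reset
Defaults timestamp_timeout=0, rootpw
Defaults:alice timestamp_timeout=30
%admin ALL=(ALL) ALL
EOF
sudoers_prompt_policy "$sample"
rm -f "$sample"
```

A result of reprompt=after-timeout is the unlocked-desktop case discussed in this thread: anyone at the keyboard inside the window runs sudo without a prompt, which sudo -k ends early.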