Linked by Thom Holwerda on Thu 11th Jun 2009 10:00 UTC
Windows Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.
Thread beginning with comment 368137
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Code 18"
by werfu on Fri 12th Jun 2009 13:00 UTC in reply to "RE: Code 18""
Member since:

I know that be stupid, but what would be stopping me from changing the Synaptics menu entry in your menu and avoiding directly the libgtksudo? I was exposing the fact that most threat come from user actions, not from vulnerabilities.

Reply Parent Score: 1

RE[3]: Code 18"
by leech on Fri 12th Jun 2009 22:58 in reply to "RE[2]: Code 18""
leech Member since:

Except that you couldn't do that without the user knowing, because nothing is set with execute rights unless the user set it themselves. Ah Unix Security 101.

Reply Parent Score: 2