UAC

Floyd
Posts: 300
Joined: Sat Nov 27, 2004 7:45 am
Location: The frozen part of the USA

UAC

Post by Floyd » Wed Jun 17, 2009 1:16 am

As it stands now, I don't really like the way UAC is implemented in Vista or Windows 7.

I like the way SU is done in Linux, and although I can see benefits to SUDO over SU, it's confusing to me (and others) to call something "administrators group" and "administrator" and still have to elevate privileges. Can't there be some kind of compromise between good security practice and something that's not flat-out confusing?
pax mei amici amorque et Iesus sacret omnia

hto
Developer
Posts: 2193
Joined: Sun Oct 01, 2006 3:43 pm

Post by hto » Wed Jun 17, 2009 2:34 am

Floyd wrote: I like the way SU is done in Linux, and although I can see benefits to SUDO over SU, it's confusing to me (and others) to call something "administrators group" and "administrator" and still have to elevate privileges.
Why is it confusing? It should remind people to be more careful. If "administrator" never has to elevate privileges, it means that either (1) he is not allowed to do some things at all, or (2) he is almighty. In the latter case, a buggy / malicious program started from his account or a human mistake can become disastrous.
Can't there be some kind of compromise between good security practice and something that's not flat-out confusing?
A good security practice is when programs have minimum privileges, just enough to do their work. A music player should be able to read music files and write to audio devices; it should not write to files. When a text editor needs to save a file, this should be viewed as elevation of privileges.

coldReactive
Posts: 581
Joined: Sat Nov 10, 2007 10:42 pm

Re:

Post by coldReactive » Wed Jun 17, 2009 5:50 am

hto wrote: A good security practice is when programs have minimum privileges, just enough to do their work. A music player should be able to read music files and write to audio devices; it should not write to files. When a text editor needs to save a file, this should be viewed as elevation of privileges.
So basically, everything that writes a file will require elevation?

hto
Developer
Posts: 2193
Joined: Sun Oct 01, 2006 3:43 pm

Post by hto » Wed Jun 17, 2009 12:58 pm

Under this scheme, anything that reads or writes files, sends data to or receives data from networks, etc., will require elevation. When a user wants to open a text to edit, (s)he uses the "Open File" dialog and chooses a file. But the dialog is not a part of the text editor; it is a part of the system, which grants the editor the right to read and write only this one file. The editor will also create, write, read and destroy temporary files in a special directory and access its configuration files without asking for permission every time — this privilege should be given to it just once, at installation. Other rights, such as changing other files or sending something to the Internet, were not granted, so it cannot do that. A music player should be given rights once to read files under the "Music" directory, not requiring its user to open each one of them. A browser can have rights to establish network connections, but some people may prefer to explicitly give it one permission at a time.
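A toy model of the scheme hto describes in this post and the previous one (programs start with no file authority; the system's "Open File" dialog grants a right to the one file the user picked; the installer grants standing rights to a directory such as a temp or Music folder). This is an added example written for this page, not code from the thread or from any real OS: `System`, `Application`, `FileCapability` and the constructed sample files are all assumptions made here to illustrate the design, and the "capabilities" are only enforced by convention inside the toy.

```python
import os
import tempfile
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    """Raised when a program touches a file it holds no capability for."""


@dataclass(frozen=True)
class FileCapability:
    """A grant for one path (a file, or a whole directory subtree) in a mode.
    Programs never construct these; only the System hands them out."""
    path: str   # already canonicalised with os.path.realpath
    mode: str   # any combination of 'r' and 'w'

    def covers(self, real_path: str, need: str) -> bool:
        inside = real_path == self.path or real_path.startswith(self.path + os.sep)
        return inside and need in self.mode


@dataclass
class Application:
    """An untrusted program. It starts with no file authority at all."""
    name: str
    standing: list = field(default_factory=list)  # granted once, at install time
    per_file: list = field(default_factory=list)  # granted by the user via the dialog

    def _check(self, path: str, need: str) -> None:
        real = os.path.realpath(path)  # so 'Music/../secret.txt' cannot escape a grant
        if not any(c.covers(real, need) for c in self.per_file + self.standing):
            raise AccessDenied(f"{self.name}: no '{need}' right for {path}")

    def read(self, path: str) -> str:
        self._check(path, "r")
        with open(path) as f:
            return f.read()

    def write(self, path: str, data: str) -> None:
        self._check(path, "w")
        with open(path, "w") as f:
            f.write(data)


class System:
    """The trusted side: the file dialog and the installer both live here."""

    def open_file_dialog(self, app: Application, user_choice: str, mode: str = "rw") -> None:
        # The *user* picks the file; the app only ever learns about this one path.
        app.per_file.append(FileCapability(os.path.realpath(user_choice), mode))

    def install(self, app: Application, directory: str, mode: str) -> None:
        # One-time 'wholesale' grant for a directory: temp, config, Music, ...
        os.makedirs(directory, exist_ok=True)
        app.standing.append(FileCapability(os.path.realpath(directory), mode))


def _attempt(action) -> str:
    try:
        action()
        return "allowed"
    except AccessDenied:
        return "denied"


def scenario(workdir: str) -> dict:
    """Constructed sample files plus an editor and a player; returns the outcome of each access."""
    music_dir = os.path.join(workdir, "Music")
    song = os.path.join(music_dir, "song.ogg")
    notes = os.path.join(workdir, "notes.txt")
    secret = os.path.join(workdir, "secret.txt")
    os.makedirs(music_dir, exist_ok=True)
    for p, text in ((song, "OggS"), (notes, "hello"), (secret, "do not leak")):
        with open(p, "w") as f:
            f.write(text)

    system = System()
    editor = Application("editor")
    player = Application("player")
    system.install(editor, os.path.join(workdir, "editor-tmp"), "rw")  # scratch space, once
    system.install(player, music_dir, "r")                              # read Music, once

    out = {}
    out["editor_before_dialog"] = _attempt(lambda: editor.read(notes))  # no ambient authority
    system.open_file_dialog(editor, notes)                               # user chose notes.txt
    editor.write(notes, "hello, world")
    out["editor_after_dialog"] = editor.read(notes)
    out["editor_other_file"] = _attempt(lambda: editor.read(secret))   # never chosen: denied
    out["editor_tmp"] = _attempt(lambda: editor.write(os.path.join(workdir, "editor-tmp", "swap"), "x"))
    out["player_song"] = player.read(song)                             # covered by the Music grant
    out["player_write_song"] = _attempt(lambda: player.write(song, "x"))  # read-only grant
    out["player_traversal"] = _attempt(lambda: player.read(os.path.join(music_dir, "..", "secret.txt")))
    return out


def run_in_tempdir() -> dict:
    with tempfile.TemporaryDirectory() as d:
        return scenario(d)


if __name__ == "__main__":
    for key, value in run_in_tempdir().items():
        print(f"{key:22} {value}")
```

The point the model makes concrete is that authority comes from the user's choice in the dialog or from a one-time install grant, never from the program naming a path; the `realpath` canonicalisation is what keeps a directory grant from being widened with `..` segments.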

coldReactive
Posts: 581
Joined: Sat Nov 10, 2007 10:42 pm

Re: UAC

Post by coldReactive » Wed Jun 17, 2009 4:18 pm

So now we can only have music files under a music directory and nowhere else? Sounds annoying.

hto
Developer
Posts: 2193
Joined: Sun Oct 01, 2006 3:43 pm

Post by hto » Wed Jun 17, 2009 8:48 pm

No, of course not. I just mentioned a music directory as an example that a user is not required to approve every access to every file (as somebody might think), and that rights can be given 'wholesale' for many files at once.

Floyd
Posts: 300
Joined: Sat Nov 27, 2004 7:45 am
Location: The frozen part of the USA

Re:

Post by Floyd » Thu Jun 18, 2009 8:43 pm

hto wrote: Why is it confusing? It should remind people to be more careful. If "administrator" never has to elevate privileges, it means that either (1) he is not allowed to do some things at all, or (2) he is almighty. In the latter case, a buggy / malicious program started from his account or a human mistake can become disastrous.
Because an account and security group that used to have unfettered access no longer has it would seem like a pretty obvious reason to me why it would be confusing. "Admin" carries different meanings in the Windows world vs. the *nix world.

A good security practice is when programs have minimum privileges, just enough to do their work. A music player should be able to read music files and write to audio devices; it should not write to files. When a text editor needs to save a file, this should be viewed as elevation of privileges.
Where did I even say anything to the contrary? That's right, I didn't. But there are some people who don't need to be constantly hand-held, nor do they want to be. A gamer, for example, on a home system is not doing "work"; they are playing games and/or purposefully tinkering with a system. This, IMO, shows how much Windows still needs to be fixed. Installing a game shouldn't require elevation anyway, but that goes against what MSFT was allowing, and in some cases was guilty of themselves: modifying reg keys, DLL insertion, modification of \program files, etc. And now all of a sudden they have a problem with that practice and look with derision on anyone who has an issue with the change.
pax mei amici amorque et Iesus sacret omnia

hto
Developer
Posts: 2193
Joined: Sun Oct 01, 2006 3:43 pm

Post by hto » Thu Jun 18, 2009 9:46 pm

Because an account and security group that used to have unfettered access no longer has it would seem like a pretty obvious reason to me why it would be confusing. "Admin" carries different meanings in the Windows world vs. the *nix world.
Unix still has an all-powerful root account, and in Windows, as far as I remember, admin was never almighty. I remember once setting access rights on a directory such that I was unable to delete it from the administrator account after that.
And now all of a sudden they have a problem with that practice and look with derision on anyone who has an issue with the change.
Sooner or later, that bad practice had to be changed…

Black_Fox
Posts: 1584
Joined: Fri Feb 15, 2008 9:44 pm
Location: Czechia

Re: Re:

Post by Black_Fox » Thu Jun 18, 2009 11:07 pm

Floyd wrote: Installing a game shouldn't require elevation anyway
If installed outside of Program Files and not modifying the registry, games wouldn't have to require elevation, but requiring elevation on every startup is much "easier".
