Re: XPSP2 compatibility

From: Michael Richardson (mcr@sandelman.ottawa.on.ca)
Date: Tue Aug 24 2004 - 13:22:23 EDT



>>>>> "Kevin" == Kevin Sheldrake <kev@electriccat.co.uk> writes:
    Kevin> I've been toying with the idea of totally encrypting my fixed
    Kevin> LAN with

  (not to topic)

    Kevin> I've never really liked 'Run As' as a solution on Windows (although
    Kevin> admittedly, most of my experience has been as an observer as
    Kevin> opposed to an operator.) I still need to trust the people I
    Kevin> give 'Run As' to, don't I, not to do anything daft? I'm
    Kevin> guessing that you can't tie that ability down
    Kevin> to a single component? Or can you?

  I don't know.

  What I do know is that Windows 2000+ has the concept of a setuid
program. i.e. one that can be given permissions to run as a different
user.

  The "Run As" menu item uses it to implement the equivalent of the "su"
command --- the ability to escalate one's privileges, and then
authenticate as another user. Previous to that, the only way to become
another user was to start as a privileged process (i.e. from the
"login" box).

  I don't think that there is much that uses the setuid yet. It is
useful to provide for privilege separation on Windows, but expect there
to be bugs as well.

--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT