Possible trouble with SuRun elevations
Posted by MrBrian on wilderssecurity today: SuRun elevations can allow malware to elevate in a standard account (example with elevated command prompt).
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Possible trouble with SuRun elevations
I don't really see anything surprising there. For me, elevating a process to Administrator level via SuRun is always intentional. It's like installing a program on the REAL system - you'll need Administrator level access to do this most of the time (in order for the program to install properly).
However, as far as I understand it, this issue with SuRun would only apply if malware already got on to the REAL system and was able to execute in the Limited User Account (and then wait to associate itself to a SuRun-elevated process).
Re: Possible trouble with SuRun elevations
ssj100 wrote: I don't really see anything surprising there. For me, elevating a process to Administrator level via SuRun is always intentional.
If I understand everything correctly, then the surprising thing is that not only the process you intended to elevate is elevated.
P.S.: I NEVER elevate anything in my limited account. If I get an alert while testing, I pretend not to know the admin password. Otherwise everything is set up in such a way that I (and all other limited users on this computer) will NOT get any UAC alerts at all.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Possible trouble with SuRun elevations
p2u wrote: If I understand everything correctly, then the surprising thing is that not only the process you intended to elevate is elevated.
For me, I always "felt" that SuRun potentially created a "hole" for malicious processes to elevate themselves. However, this "hole" essentially becomes irrelevant with the use of Sandboxie + SRP.
Re: Possible trouble with SuRun elevations
ssj100 wrote: However, as far as I understand it, this issue with SuRun would only apply if malware already got on to the REAL system and was able to execute in the Limited User Account (and then wait to associate itself to a SuRun-elevated process).
That's correct. Using SRP or similar is highly recommended. As p2u noted, never elevating by any means is the safest thing to do.
MrBrian- Member
- Posts : 14
Join date : 2010-07-01
Re: Possible trouble with SuRun elevations
MrBrian wrote: As p2u noted, never elevating by any means is the safest thing to do.
Yes indeed, but then convenience/usability would be lost (particularly on XP). But as I mentioned, having a good security setup/approach essentially makes this issue irrelevant, and regardless, the "risk" is on the same level as mistakenly installing a malicious program on the REAL system with Administrator rights.
Re: Possible trouble with SuRun elevations
MrBrian wrote: As p2u noted, never elevating by any means is the safest thing to do.
ssj100 wrote: Yes indeed, but then convenience/usability would be lost (particularly on XP).
Not necessarily. It all depends on what your every-day tasks are. I often see people unnecessarily elevate while they would be better off just giving "write" permissions to authenticated users for certain folders/files only.
P.S.: On XP, I used to disable RunAs and made it unavailable for users. Besides, Secondary Logon and Fast User Switching were disabled. I can't do that on Vista, since Parental Control depends on UAC, and UAC depends on RunAs...
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Possible trouble with SuRun elevations
p2u wrote: Not necessarily. It all depends on what your every-day tasks are.
Yes of course, but then my "every-day tasks" are not typical of the "every-day" user haha. But for many people, they should not need to elevate (particularly on Vista/7) on most days.