Why Programs get written to need admin priveleges.
From: Mark Kovacic (Mark.Kovacic_at_barrsystems.com)
Date: 09/15/03
- Previous message: Robert Blackwell: "RE: Disabling sharing and group policies"
- Next in thread: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Maybe reply: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Reply: Laura A. Robinson: "RE: Why Programs get written to need admin priveleges."
- Maybe reply: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Sep 2003 11:48:32 -0400 To: <focus-ms@securityfocus.com>
As a programmer I can perhaps address the slightly off topic Question.
I work primarily in the windows arena, so my comments are specific to
there.
Usually when a program requires high permissions to run, it's either
because the programmer didn't have time to research the necessary work
arounds, or as is more common, the OS requires that level of permission
for some aspect of what the application is doing.
Mark Kovacic, Senior Systems Programmer
Barr Systems, Inc. www.barrsystems.com
352-491-3100 Mark.Kovacic@barrsystems.com
-----Original Message-----
From: Alexander Suhovey [mailto:asuhovey@mtu-net.ru]
Sent: Friday, September 12, 2003 12:36 PM
To: 'Ansgar Wiechers'; focus-ms@securityfocus.com
Subject: RE: Disabling sharing and group policies
> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.
> I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.
[Sorry if it is offtopic...]
Why administrators must pesuade some applications to run with reduced
privileges anyway? I mean, why don't software developers care about that
in
first place? Isn't that strange when you must have Administrator
privileges
to just... Scan a picture? Write to CD? Whatever *not-administrative*
tasks...
Can you please point me to some public source of information about
common
ways to make an application to run under user privileges if it won't? As
I
understand, one should run some filemon- regmon-like tools to monitor
application and then make resources needed by app to be available under
user
account. Is there any otner tips you can share?
Thanks,
Al.
> -----Original Message-----
> From: Ansgar Wiechers [mailto:bugtraq@planetcobalt.net]
> Sent: Thursday, September 11, 2003 12:46 AM
> To: focus-ms@securityfocus.com
> Subject: Re: Disabling sharing and group policies
>
>
> On 2003-09-10 Matthew Wagenknecht wrote:
> > I'm looking for a solution to keep honest people honest.. I will be
> > monitoring the network for Everyone shares. If I find any,
> I will know
> > that it was intentional to circumvent the Group Policy. That way I
> > don't have to deal with "I didn't know any better".. I'm
> not looking
> > for a DoD implementation.
>
> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.
> Please don't give me that old "our applications require this"
> crap. I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.
>
> Regards
> Ansgar Wiechers
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web application
> scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> -------------
>
------------------------------------------------------------------------
--- KaVaDo provides the first and only integrated Web application scanner and firewall security suite that prevent Web applications attacks, the most common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications. http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818 ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- KaVaDo provides the first and only integrated Web application scanner and firewall security suite that prevent Web applications attacks, the most common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications. http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818 ---------------------------------------------------------------------------
- Previous message: Robert Blackwell: "RE: Disabling sharing and group policies"
- Next in thread: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Maybe reply: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Reply: Laura A. Robinson: "RE: Why Programs get written to need admin priveleges."
- Maybe reply: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
