Bugtraq mailing list archives
Re: XML in IE 5.0
From: scott.meilicke () INTP COM (Meilicke, Scott)
Date: Tue, 18 Jan 2000 11:18:08 -0800
I'm running Win2K now, and the "run-as" command works fairly well. For most programs you have to enable this feature through the properties of a shortcut or directly on the properties of the exe. I log on as a non-privileged user, then when needed, issue a "run-as" command (right click), and run a process as a different user, in my case an admin account. The only problem is that you cannot run the shell in different user contexts. For example, if I have a privileged command window open, and a non-privileged explorer window open, I obvious cannot access restricted areas with explorer, but I can with the command prompt. However, if I issue a "start ." command from the command prompt, the resulting explorer window will revert back to a non privileged user. Not so good, but better than NT4, especially with IE5 (shiver...). NT4 had a similar command in the resource kit, but more difficult to use, called su.exe (surprise surprise). It was basically more pain than it was worth in my case. I don't think it's a terminal server offshoot, but perhaps both capabilities, terminal server and su.exe are derived from the same hacks in NT. As far as user preferences, they are handled just as UNIX would as far as I can tell. In unix, you can su in a shell and the environment is that of root, not the non priv user. Same in NT. I can't comment on disk cache or other process, however. Scott -----Original Message----- From: Darren Reed [mailto:avalon () COOMBS ANU EDU AU] Sent: Monday, January 17, 2000 12:28 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: XML in IE 5.0 In some mail from Ryan Russell, sie said: [...]
For Windows users, The MS guys gave an interesting talk at the NTBugtraq Canada Day Party at Russ' house last year. NT2000 will include a feature
that
is similar to su on unix, which will allow one to have different windows
open
as different users on the same box... I believe it's an extension of the terminal server concept. Anyway, once folks get NT2000, they should
really
consider running their browsers as locked-down, non-priveledged users. I believe you can do the same on most modern unices now with judicious use of su and xhost adjustments.
Except that user preferences are no longer stored as being owned by *that* user (roaming profile problems anyone ?), per-user disk cache usage isn't associated with the correct user, etc. Can you really imagine 90% of Internet users being savvy enough to run a browser in an "su" window ? The other option here for M$ is to reinvent the setuid bit :-> Darren
Current thread:
- Re: XML in IE 5.0, (continued)
- Re: XML in IE 5.0 Brian Behlendorf (Jan 17)
- Re: XML in IE 5.0 David LeBlanc (Jan 18)
- Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
- Re: XML in IE 5.0 Brian Behlendorf (Jan 17)
- Re: XML in IE 5.0 Darren Reed (Jan 17)
- Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
- SubSeven 2.1a (trojan) Andrew Griffiths (Jan 19)
- Re: XML in IE 5.0 David LeBlanc (Jan 20)
- Some discussion in http-wg ... FW: webmail vulnerabilities: a new pragma token? Eric D. Williams (Jan 19)
- SyGate 3.11 Port 7323 / Remote Admin hole jalerta () nestworks com (Jan 28)
- [LoWNOISE] Rightfax web client 5.2 ET LoWNOISE (Jan 29)