Bugtraq mailing list archives

Re: XML in IE 5.0


From: jjohanss () BU EDU (Jesper M. Johansson)
Date: Wed, 19 Jan 2000 10:00:17 -0500


For Windows users, The MS guys gave an interesting talk at the NTBugtraq
Canada Day Party at Russ' house last year.  NT2000 will include a feature that
is similar to su on unix, which will allow one to have different windows open
as different users on the same box... I believe it's an extension of the
terminal server concept.  Anyway, once folks get NT2000, they should really
consider running their browsers as locked-down, non-priveledged users.

Except that user preferences are no longer stored as being owned by *that*
user (roaming profile problems anyone ?), per-user disk cache usage isn't
associated with the correct user, etc.  Can you really imagine 90% of
Internet users being savvy enough to run a browser in an "su" window ?
The other option here for M$ is to reinvent the setuid bit :->

What you are talking about is the Run As... feature. It works, reasonably well, to let you run the machine as a 
different user. There was an SU command in the Resource Kit for NT 4, but it did not allow you to run control panels as 
an administrator. The Run As... does (right click on them, select Run As...). Thus, you can use it to set permissions 
(from the command line of course), change the page file size, change the IP address (no reboot required!), manage users 
and shares, and other administrative tasks However, it is still severely lacking, compared to a *NIX su:

1. You cannot run an Explorer window as a different user. Nor can you get a new desktop in a different user context. I 
also would not recommend running your browser in that context. I have seen IE being run as an administrator spawn 
processes in user context. I would expect that the opposite could also happen. Run As... is designed for administrative 
tasks while logged on as a user. It is not designed to give you a functional OS as an administrator.
2. You cannot use it for most of the existing InstallShield installers. In many cases they fail to recognize the 
context properly and crash. In other cases, they appear to work properly, but some of the processes they spawn are 
spawned in a regular user context. In any case, it usually is abysmally slow, on the order of taking 5-15 minutes to 
bring up the installers window after it is launched

The Run As... is a nice feature, and a good bit better than the NT4 RK SU, but it is nowhere near a *NIX su yet, 
unfortunately.

Jesper M. Johansson


Current thread: