Bugtraq mailing list archives

Re: Windows 2000 Run As... Feature


From: jjohanss () BU EDU (Jesper M. Johansson)
Date: Mon, 24 Jan 2000 08:45:53 -0500


In all the hubbub over whether the semantic of the Run As... feature
in Windows 2000, a much more important shortcoming is that this is
the first time (I know of) that the system asks for your password
through a mechanism other than the trusted path (ctrl-alt-del to
login, ctrl-alt-del to change password).  This is an unfortunate
compromise in an otherwise useful feature.

How much of a compromise is it really? I just looked at the executable
and it seems to be reasonably tightened down with only RX for Users,
PowerUsers and Everyone. Unless there is some backdoor to replace the
directory entry that's about the best we can do. Note that the SU
command in the 4.0 Resource Kit also has this problem. Except that there
the default ACL is considerably less restrictive. On my machine,
Everyone has Modify rights to that command, as well as to the SUSS SU
service. I assume that there are no special rights set on these files
and that they simply take the permissions from the parent directory upon
installation. Something to think about...

Note that the ACL does of course not guard against presenting a user
with the command line dialog without having to type in the RunAs
command. However, common sense is used to guard against that. Also, the
trusted path did not preclude the use of that attack either. I have
actually seen one where users were presented with a login screen without
the three-finger salute, and simply entered their passwords.

Jesper M. Johansson
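The ACL check described in the message above can be scripted. This is an added example, not part of the original post; it assumes a modern Windows host with PowerShell, the usual `%SystemRoot%\System32\runas.exe` location, and a hypothetical function name `Find-WeakAce`. The message gives no install path for the Resource Kit SU command, so pass any other credential-prompting binaries in `-Path` yourself.

```powershell
# Added example: report ACL entries that let broad groups modify a binary that
# prompts for credentials, or the directory that holds it.
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, BUILTIN\Power Users
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-32-547'

# Rights that allow replacing or tampering with the file, its directory entry
# or its ACL. Read and execute (RX) is deliberately not in this mask.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::DeleteSubdirectoriesAndFiles -bor $R::WriteAttributes -bor
                   $R::WriteExtendedAttributes -bor $R::ChangePermissions -bor
                   $R::TakeOwnership)
# Generic write / generic all can appear unmapped in some ACEs.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Find-WeakAce {
    param(
        # Assumed default location; extend with other binaries to audit.
        [string[]]$Path = @("$env:SystemRoot\System32\runas.exe")
    )
    foreach ($p in $Path) {
        # Check the file and its parent directory: files often just inherit
        # the directory's permissions, and write access to the directory
        # allows the entry itself to be replaced.
        foreach ($target in $p, (Split-Path -Parent $p)) {
            $acl   = Get-Acl -LiteralPath $target
            $rules = $acl.GetAccessRules($true, $true,
                         [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                if ($rule.AccessControlType -ne 'Allow') { continue }
                if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }
                if (([int]$rule.FileSystemRights -band $WriteMask) -ne 0) {
                    [pscustomobject]@{
                        Target    = $target
                        Sid       = $rule.IdentityReference.Value
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
    }
}

Find-WeakAce | Format-Table -AutoSize
```

An empty result corresponds to the "RX only" state described for the Run As executable; any row, such as Modify for Everyone, is the condition reported for the SU command.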

