42
submitted 9 months ago* (last edited 9 months ago) by Aatube@kbin.social to c/technology@beehaw.org

Shipped in Windows 11 Insider Preview Build 26052. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html claims it has a big security problem that makes the program accept calls to elevate from anywhere once first run

Edit:

  1. The security problem has been internally fixed and will be available in the next release
  2. It's not just an alias for 'runas'. It seems to be able to configurably block user input for sudo'd commands, retain the existing environment, ditch it and open a new window, and remember that you've sudo'd in the last minute or so.
  3. It brings up UAC instead of having you input the password
you are viewing a single comment's thread
view the rest of the comments
[-] OmnipotentEntity@beehaw.org 17 points 9 months ago

If I'm understanding this correctly, it's not even copying. It's apparently just a wrapper for the built-in runas command that's been there since Windows 2000.

[-] zadjii@mastodon.social 9 points 9 months ago

@OmnipotentEntity @Pilgrim it's actually not just a wrapper for runas. There's a lot of other plumbing here to get the console handle you're actually using plumbed to the target application. That's the magic that lets you actually interact with the elevated process in the same terminal.

With runas, the target application is just stuck in a separate console window (gross)

[-] OmnipotentEntity@beehaw.org 4 points 9 months ago

So please forgive me if this is a rather naive question. I haven't seriously used Windows in nearly 15 years.

I seem to recall runas being a lot like su, in that you enter the target user's credentials, rather than your own as in sudo. This works because sudo is a setuid executable, and reads from configuration to find out what you're allowed to do as the switched user.

Is the behavior of windows sudo like unix su or unix sudo with regard to the credentials you enter? Can you limit the user to only certain commands?

[-] Aatube@kbin.social 1 points 9 months ago

It brings up a UAC prompt, so any admin's credentials ig

[-] OmnipotentEntity@beehaw.org 2 points 9 months ago

So it's su then, not sudo.

[-] Aatube@kbin.social 2 points 9 months ago

(this is the maintainer)

[-] Penguincoder@beehaw.org 6 points 9 months ago

Exactly. Windows already has this functionality with runas and this implantation doesn't improve on it at all.

[-] Aatube@kbin.social 6 points 9 months ago

It's more complicated than that. It seems to be able to configurably block user input for sudo'd commands, retain the existing environment, ditch it and open a new window, and remember that you've sudo'd in the last minute or so.

[-] TxzK@lemmy.zip 5 points 9 months ago

Classic Microsoft. Just change the look and be done with. No need it to actually improve the internals.

this post was submitted on 11 Feb 2024
42 points (100.0% liked)

Technology

37728 readers
623 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS