Tuesday, September 27, 2005

Some newer posts on Non-Admin development

Not exactly new, but one Nigel Watling, a Microsoft Technical Evangelist, has posted a well-stated essay on the privilege options for developers. He carefully lists and analyzes the options, discussing in detail the tools and techniques I have mentioned in numerous earlier posts. It is well laid out. I came to it from a posting by Robert Hurlbut on his blog. He has a number of good security-related postings.

He discusses my preferred approach, "Logging in as LUA and escalating privileges when required", in some detail and mentions at least one security hole I have ignored - the possibility of messages being sent from some process window to the window running with elevated or admin privileges. He makes reference to the various techniques and pitfalls, but does not detail them.

Interestingly, his preferred choice would be FUS (Fast User Switching), but of course it is not available in most work environs. I don't like it. I frequently want to have Internet browsing windows open on the same desktop where I am developing.


