Slashdot Mirror
Longhorn to use UNIX-like User Permissions
destuxor writes "After years of Windows users abusing administrative accounts out of necessity, Microsoft promises that Longhorn will make better use of user permissions in what sounds exactly like what UNIX/Linux users have been doing for years. Hopefully this will fix the long list of applcations that cannot be run by a Least-Privilege User Account (LUA) while giving a much-needed security boost. Too bad "MS-root" can't watch over your grandmother when she opens emails."
I think that it's a good start and may well make a big difference in companies which use Windows as their desktop platform and have system administrators who can control user accounts.
This section from the article seems to have a good point: A strictly enforced LUA model could make it harder for worms and viruses to take over Windows systems. But Microsoft may have a tough time changing user and developer behaviour, even with new features that support the LUA regime in Longhorn, experts warn.
On home systems, we still currently have enough problems trying to convince people not to open dubious attachments, or with people giving sites permission to install practically anything on their machines. It will take a big shift in attitudes (or Microsoft forcing the user to jump though hoops) to make many home users have anything but admin-privilege accounts.
It's about damned time this issue gets addressed. Every day at work I have to fight with this M$ limitation. Chief among the offenders are:
- Kodak Share software
- Autocad
- Any serial port emulation program
- PowerDVD
Most users must be elevated to Power User status on their machines to allow them to do anything nowadays, while there are plenty of programs (like the ones listed above) that will malfunction or simply refuse to work with anything less than full Admin rights. Sometimes, I have no choice but to give a user full Admin rights...I grind my teeth as I do so, knowing full well I'll be called to disinfect the machine of countless spyware programs within weeks, if not days.
____
~ |rip/\/\aster /\/\onkey
The permissions will permanently be set to 777.
The problem has never been a lack of permissions in NTFS, just that no one uses them well.
This might not change much, windows users are generally lazy. I see most people will just log in as an administrator and stay that way forever. The article didn't mention how easy it would be to switch to an administrator either like unix's su. No matter what microsoft does security will always be a huge problem, users don't want to change they like it easy.
No the Microsoft permissions in Longhorn will be different from Unix permissions... :-)
They'll be patented.
well, it will once MS finally patents them like they did sudo.
http://taint.org/2004/08/20/024522a.html
--
Check out my music video!
The permission mechanisms in Windows NT/2k/XP are pretty flexible. Unix is only just migrating from the old user/group/world permission set to access control lists, something that is readily available for just about everything in the Windows operating system, from files to individual registry entries.
The problem with Windows permission management is that a) it is completely hidden from the casual user, b) there are no guidelines how applications can be made to work with restricted privileges and programmers are too lazy to figure it out themselves and c) the default XP install makes everybody an admin, so there is very little incentive for application programmers to get it right.
Note that the discussion isn't about using literal Unix-style permissions -- the title is rather misleading. NTFS permissions are very good; in some ways, they are superior to classic Unix permissions (but not necessarily to Posix ACLs).
Instead, the Windows security model is (apparently) going to be more Unix-like, in that the demarcation between administrator (root) and normal user will be more strict. Mostly, this means making software developers allow their programs to be installed and run with limited permissions, unlike the current admin-fest.
There are many ways that Microsoft could fuck this up, but I hope they don't. Unlike some people, I have no investment in constantly repairing ruined systems.
But here's something that worries me more about manifests:
Based only on this part, it appears that an application manifest must be published by an entity that can afford three figures USD per year for a code signing license. Developers of free software and proprietary freeware often cannot afford this annual fee. My worry is that Longhorn Home Edition may not permit users to install customized deployment manifests, locking users into using only programs with an application manifest, that is, proprietary commercial software.
This isn't Windows switching from their ACL model to a UNIX permission model.
/finally/, forcing the issue.
One, they are pushing for 3rd-party developers to finally stop requiring simple apps like kid's software and low-end desktop publishing to be run with escalated privileges.
I mean, these application developers have had since '98 or '99 to work this out. But Window's lax defaults and lack of user education didn't force the issue. Microsoft is finally,
Two, it is Microsoft finally realigning their default ACLs to be at once more secure and more common sense.
It makes no sense for a home user to not be able to control their power settings or change their system time unless they have escalated privileges.
Really, this isn't so much Windows following UNIX as it is Windows following OS X.
Finally, and this is IMHO, going to a permission model would be a *huge* step backwards. I know UNIX die-hards will flame me for this, but it is my experience that ACLs are much more flexible and lucid than permissions.
obviously no deficiencies vs. no obvious deficiencies
I'd love to blame Microsoft for their own operating system problems, but really, the blame is mostly on the third party developers.
It has been this way from the beginning... as far back as I can see, developers skirted the BIOS because BIOS calls were too slow -- that was back when the BIOS was part of the OS. This is not a Microsoft problem, but it adds to understanding of how the culture evolved. "Forget about standards and interoperability, we need to deliver performance!" The error in judgement has been costly.
Today developers continue to write code that uses and exploits bugs and irregularities in the MS Windows operating system environment. If I learned nothing else from reading the comments found in the Windows Source code scandals, I learned that Microsoft became obliged to add code to emulate bugs and irregularities for specific applications to continue to run properly. In a perfect world, the app writers would write code using the APIs as documented. (And when bugs and irregularities were found, Microsoft would FIX them to discourage developers from utilizing the strange or buggy behaviors)
Developers should be mature enough to realize that any bug or irregularity found in an OS API should be considered subject to change and could break their software once it is fixed. It kinda bugs me that these "paid professionals" were and continue to be so short-sighted.... (meanwhile, these Open Source Amateurs rely almost exclusively on documented API functions and features simply because bugs and irregularities are often fixed quickly enough that to write code against them would mean they would need to update their code AGAIN.)
I think this kind of speaks volumes about where the real weakness in commericial software development lies -- in the motivation.
'Being root' and running a SUID CD burning application is rather different. In fact, it's entirely different, since you're granted no special rights as a user.
/etc/fstab is for, specifically the user flag. That is indeed a bogus claim.
You do not have to be root to mount anything. That's what
Most programs can be installed as a regular user under $HOME. I've done it many times on systems where I have no root access. This includes everything from Lua to GTK+. In fact, very few Linux programs require root access to install and use properly.
Either you haven't used Linux, or you haven't bothered to learn how to use it properly.
There are no trails. There are no trees out here.
Would that game be Breakout, SuperBreakout, or Photoshop?
Reminds me of that VMS admin they found deep in the heard of some DEC building last year. From what I understand, he still doesn't believe that Compaq bought out his company, and they're having a hell of a time tracking him own in there. Late at night he somehow evades security cameras, sneaks out and defaces HP logos.
They say you can hear his screams of "thread-level security" echo through the halls.
I never gave a damn if my drivers were signed or not - i wanted the device to work, and if that was the only driver i could use, screw windows. :D
Mount points have been supported since 2000 in Windows. And hardlinks. ACLs and multiple streams per file were supported almost from the very beginning.
Before bashing something you should at least RTFM, otherwise you just look like a typical teenage Linux zealot.
The drivers that came with my motherboard are not signed, the driver for my monitor is not signed (it's quite old), I forget about the graphics card.. printer drivers not signed - what am i supposed to do? use my computer with the "default" monitor at much lower resolution and refresh rate than my monitor is capable of, and never print anything?
Can you be Even More Awesome?!