Slashdot Mirror
LG Split Screen Software Compromises System Security
jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.
Brian Fox wrote the GNU Bash shell. If you've ever used Linux or OSX, you've used his software.
If you need to use COM components, and you don't want to require admin rights, you register them in HKEY_CURRENT_USER instead of HKEY_CLASSES_ROOT. After that, it just works.
The sad part is, it would have not have taken any more time to Google that than to find how to disable UAC through the installer.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Yes, a component in an admin context may not be accessible to a component used by user in a non-admin context. This is called a "security" model, and prevents the non - admin process manipulating the admin-context process to do things it shouldn't be able to do. You make it sound like a quirk, but the entire design is that "non elevated components can't talk to elevated components". Try starting Notepad as admin and dropping a text file on it from the non - elevated explorer view, it won't work by design.
Windows is poorly designed, and to do anything you need to hack the whole system.
And after you get around all the stupid designs and quirks used by windows to actually achieve what you need, you end up with Picasso-style operating system that barely works anymore and has no security at all (not that it had much of it before).
Windows design enforces using all the security holes to get around limitations that prevent you from implementing your functionality. So you end up exposing these holes and security issues to the world.
It's not a bug, it's the design. No freedom for you, no API to let you in securely, no layers of abstraction, one blob to rule them all... And you with your task to be completed in such environment.
Really, what would you expect from this piece of crap from microsoft?
In Linux you can do anything, you can even redesign parts you want to use to work in a way you need them to.
Achieving this multi-screen functionality in Linux would be a piece of cake, even under the old X11 system.
Oh dear, you got modded up, what a surprise.
"There's a bunch of options, ranging from "mark everything setuid and owned by root" (the least efficient, but you could do it in a few lines of shell script)"
Yes, and it would take literally hours on a bit system plus a lot of things would break because they check their user id and won't run if they have superuser permissions for security reasons. As for NFS mounts... Next...
"which is a trivial edit to /etc/users)."
$ ls -l /etc/users /etc/users: No such file or directory
ls: cannot access
Oh 'm sorry, did you mean /etc/passwd ?
Yes you could set all users to uid 0. And nothing would happen except no one would be able to login since in unix users are actually distinguised by their numeric user id, not their name which is merely an attribute thats used for login.
"Frankly, you kin of sound like you're mouthing off without knowing anything of what you're talking about"
Ah, theres nothing like a nice bit of irony in a post :o)
" have mod points, as it happens, but chose to reply instead"
You shouldn't have bothered. You might know ignorance about unix is quite apparent since you don't even realise why ACLs are required in Windows but rarely used in unix due to group permissions and multiple group membership.
Now go away and educate yourself.