[ros-dev] dealing with insecure-by-inattention Windows software
Jeff Smith
beta_guy at telus.net
Fri Dec 16 10:15:39 CET 2005
Wesley Parish wrote:
> "insecure-by-inattention" - by that I mean software that must run as super-user
> or otherwise (otherstupidly) it won't run at all. ReactOS is not only intended
> as a plug-in replacement for MS Windows, if I read this-and-that correctly, it's
> also intended to "get it done right". And so we can't have super-user as
> default user, because that is Microsoft's thorn-in-the-flesh, and they can have
> it. I don't want it.
>
> What I've been thinking is there is quite a bit of useful information and
> knowledge being actively developed and used in the Unix/BSD/Linux field for
> handling that sort of problem. The BSD chroot jail is one such implementation -
> there are even some aspects of the MS Windows directory structure that would
> simplify the adaption of the chroot jail to the ReactOS.
>
> [hardware]\Program Files\Abracadabra-Malware-Magnet\
>
> "Abracadabra-Malware-Magnet" is a separate subdirectory within the Program Files
> directory. Chroot jail, if I remember correctly, requires a separate directory
> for each chrooted program so it sees itself as the one-and-only love of its
> kernel's uptime. The MS Windows directory structure already has this separable
> directory structure.
>
> What needs to be done is to ensure that it thinks it's the only one around.
>
> There would be some sizeable problems - ensuring that the dlls would be
> sufficiently robust to avoid being hijacked, is just one, ensuring that it
> couldn't make any changes to dlls outside its directory is a bigger one, but
> that could be handled by making sure it installed all its (uniquely) needed dlls
> in its chroot jail. Which a lot of Win32 programs do anyway.
>
> What do people think?
>
> Wesley Parish
>
> "Sharpened hands are happy hands.
> "Brim the tinfall with mirthful bands"
> - A Deepness in the Sky, Vernor Vinge
>
> "I me. Shape middled me. I would come out into hot!"
> I from the spicy that day was overcasked mockingly - it's a symbol of the
> other horizon. - emacs : meta x dissociated-press
Sorry, but I'm not familiar with chroot, so I didn't catch all of that, but
why not have something where during the setup it'll ask you for the
"system password"? That would be used for the Administrator account. The
first time logging in, a window would appear, explaining the pros and
cons of the admin account and asking the user if he/she wants to create
another account for his/her activities.
This approach will do 2 things: 1. secure the computer, because ReactOS
would automatically prompt the user about the security of the admin
account, and 2. educate the user a little bit about how the computer
works.
"Every thing should be made as simple as possible, but not simpler." -
Albert Einstein