ACL agnostic library


mekineer
Posts: 2
Joined: Sat Sep 20, 2014 10:26 am

ACL agnostic library

Post by mekineer »

Would it be too much to ask...
Is there a ReactOS library, that I could use to replace a Windows library, that would allow every process to work as root? In other words, completely ignoring any existing ACLs. I realize it is not the goal of the ReactOS project, but it's something I've been wanting, and I'd be thrilled if you have something like this.
erkinalp
Posts: 861
Joined: Sat Dec 20, 2008 5:55 pm
Location: Izmir, TR

Re: ACL agnostic library

Post by erkinalp »

Please do not do that. It would defeat the purpose of privilege separation itself.
-uses Ubuntu+GNOME 3 GNU/Linux
-likes Free (as in freedom) and Open Source Detergents
-favors open source of Windows 10 under GPL2
mekineer
Posts: 2
Joined: Sat Sep 20, 2014 10:26 am

Re: ACL agnostic library

Post by mekineer »

erkinalp wrote: Please do not do that. It would defeat the purpose of privilege separation itself.
I encourage you not to use it!
Z98
Release Engineer
Posts: 3379
Joined: Tue May 02, 2006 8:16 pm

Re: ACL agnostic library

Post by Z98 »

There is not, nor would we ever create one.
EmuandCo
Developer
Posts: 4723
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld

Re: ACL agnostic library

Post by EmuandCo »

We plan to be a secure system and thus follow the security systems provided by MS + our own spirit in em. That complete teardown of the security systems will not be realized by us at least, that's for sure.
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.

If my post/reply offends or insults you, be sure that you know what sarcasm is...
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: ACL agnostic library

Post by dizt3mp3r »

Running as a 'super' admin should allow all processes initiated by that user to run as root. It should be possible to initiate detached processes that run as root. I would hope that it might be a configurable option to turn off the linux-inspired "are you sure you want to run as root?" stupidity, having to enter the root password every time you want to perform an important function. Once you login as a super admin then that should be 'it'. If you don't have access to super admin then you get no access or you obtain previously defined access using ACLs.

ACLs could/should be set so that you can allow any user any sort of access to a particular executable. Then non-privileged accounts will be able to run executables as required when they have been given explicit permission (read, write, execute and delete access &c). Otherwise no access.

During startup it should be possible to initiate detached processes that run as if by a super user, or other user with all the privileges as given to that user.

I always thought that the Windows Vista method of implementing security was simply more of the "Windows for TeleTubbies" ways of doing things. A grown up o/s needs a grown-up method of authorising non-privileged users to run particular functions. Once the user obtains super user privileges they simply 'stick'. I have always run with full privileges as I have always been a sys. admin. and I understand what that power entails, sometimes it is power to feck up absolutely if you make a mistake. It needs intelligence when you authorise power/privilege.

You have to be able to delegate some of that power to non-privileged users/apps intelligently. The current method whereby if an app. requires privileged access to resource, a pop-up asks and gets privilege every time it runs, eventually becomes merely an annoyance and that is why many Vista+ users simply disable the whole system's security.
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
Z98
Release Engineer
Posts: 3379
Joined: Tue May 02, 2006 8:16 pm

Re: ACL agnostic library

Post by Z98 »

That XP granted elevated privileges to all applications started by an admin user is one of the biggest reasons it is so incredibly insecure. The consequences mean that only one application needs to be compromised in order for the entire system to be hijacked. In that kind of situation, there is absolutely no way to properly secure a system unless it was kept completely off the network. Considering how many drive-by attacks have occurred with malicious Flash, Java, PDF, Word, etc, you simply cannot trust applications to be secure by default. It really doesn't matter how intelligent the user is as they cannot know every single thing that they connect to via the net. All it would take is to compromise an ad network used by legitimate sites and suddenly sites that you considered safe and known are vectors of attack. In such a situation the only course of action is to limit the amount of damage they can do when compromised.

That applications in the past required elevated privileges was often an indication of lazy/sloppy programming. The majority of applications out there never needed such privileges and work perfectly fine when restricted. If they have no need for the privileges, then they should not have it to begin with.
Konata
Posts: 391
Joined: Sun Apr 20, 2014 8:54 pm

Re: ACL agnostic library

Post by Konata »

dizt3mp3r wrote: Running as a 'super' admin should allow all processes initiated by that user to run as root. It should be possible to initiate detached processes that run as root. I would hope that it might be a configurable option to turn off the linux-inspired "are you sure you want to run as root?" stupidity, having to enter the root password every time you want to perform an important function. Once you login as a super admin then that should be 'it'. If you don't have access to super admin then you get no access or you obtain previously defined access using ACLs.
That's a Unix thing as a whole, not GNU/Linux. NT was inspired by Unix, so what do you expect?
In fact you're thinking of the "sudo" tool, in Unix you can type "su" and everything you do runs as root. I don't think Windows has that, for better or for worse. Like Z98 said, there's not much you'd ever need to do with elevated privileges, besides using it to write malware, which is why all this stuff is in place to begin with.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: ACL agnostic library

Post by dizt3mp3r »

My understanding was that NT was inspired by VMS rather than Unix. I can't say I am really talking about having something similar to the Unix sudo command. I never really liked it. I am more talking about running with a user account with appropriate privileges for the job. Sudo was a bypass, a hack, convenient.

If an account is used for browsing the web and performing some word-processing, once those apps are installed using a super user account, why are any elevated privileges still required? They aren't to my mind, so perhaps at next login an appropriate account 'type' might be chosen. In this case a low-priv account just to browse and run Word.

If speedfan is required to run at the same time in order to access low-level functions then perhaps an ACL entry can be granted that gives low-priv user 'A' execute access. This would be done on an individual level to all accounts. It requires a bit of work and a bit of intelligence by the person operating as the sys admin.

It is true that lazy people might tend to gravitate toward running the super admin account all the time but it is all about being grown-up and realising that to protect your system from harm privileges need to be only applied when you need them.

When you are prompted to install new software, logging in onto a separate account on a multi-user system and initiating a new admin. session should be the norm. You install the software, grant access to non-priv users, then log out. Switching to the previous account you would then be able to test/run the new executable successfully due to the ACLs granting execute access to that one binary.
vasily72
Posts: 10
Joined: Wed Oct 23, 2013 12:11 pm

Re: ACL agnostic library

Post by vasily72 »

Windows XP is a pretty much secure system, as is the whole NT family. The reason why accounts created within XP by default had admin privileges is compatibility. Also, having a separate account for system maintenance and regular work is considered too complex for a home user. Even Windows 8 users still work under administrator, although with restricted rights due to UAC.

The funny thing is that some nasty viruses don't have to have admin rights to cause harm to the user. Yes, it cannot install a rootkit or do global things. But it can easily delete the Documents folder, for example. And for the user such a thing would be a much greater disaster in comparison to having adware hidden with a rootkit. So when we talk about true security, restricted user accounts don't help much.
Last edited by vasily72 on Mon Sep 22, 2014 12:51 pm, edited 1 time in total.
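
An added illustration, not part of any post in this thread: a simplified Python model of the NT DACL access check, comparing the XP-style admin token Z98 describes with a UAC-style filtered token, and showing vasily72's point that the user's own files stay writable either way. SIDs are plain strings, the DACLs are constructed, and owner rights, privileges and integrity levels are left out.

```python
# Simplified model of the NT DACL access check (added example; names are illustrative).
# Omitted: owner rights, privileges, integrity levels, inherited-ACE ordering.
from dataclasses import dataclass, field

READ, WRITE, DELETE = 0x1, 0x2, 0x4

@dataclass
class Token:
    enabled: set                                   # SIDs usable for allow and deny ACEs
    deny_only: set = field(default_factory=set)    # SIDs that match deny ACEs only

def access_check(token, dacl, desired):
    """Walk ACEs in order; return True only if every desired bit is granted."""
    remaining = desired
    for kind, sid, mask in dacl:
        if kind == "deny" and sid in (token.enabled | token.deny_only):
            if mask & remaining:
                return False           # an applicable deny ACE covers a bit still needed
        elif kind == "allow" and sid in token.enabled:
            remaining &= ~mask         # these bits are now granted
        if remaining == 0:
            return True
    return False                       # ran out of ACEs with bits still ungranted

# Constructed sample DACLs (not taken from a real system).
SYSTEM_FILE = [("allow", "Administrators", READ | WRITE | DELETE),
               ("allow", "Users", READ)]
USER_DOCS = [("allow", "alice", READ | WRITE | DELETE),
             ("allow", "Administrators", READ | WRITE | DELETE)]

# XP-style admin logon: every process carries the enabled Administrators SID.
full_admin = Token(enabled={"alice", "Users", "Administrators"})
# UAC-style filtered token: Administrators is kept for deny ACEs only.
filtered = Token(enabled={"alice", "Users"}, deny_only={"Administrators"})

def report():
    """Outcome of a compromised process asking for WRITE|DELETE on each object."""
    want = WRITE | DELETE
    return {
        "full_admin/system": access_check(full_admin, SYSTEM_FILE, want),
        "filtered/system": access_check(filtered, SYSTEM_FILE, want),
        "filtered/docs": access_check(filtered, USER_DOCS, want),
    }

if __name__ == "__main__":
    for case, allowed in report().items():
        print(f"{case}: {'granted' if allowed else 'denied'}")
```
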
PurpleGurl
Posts: 1790
Joined: Fri Aug 07, 2009 5:11 am
Location: USA

Re: ACL agnostic library

Post by PurpleGurl »

I know I am guilty here. I disabled UAC in Windows 7. While XP gave everything full privileges, it did have a number of security improvements over previous versions. The underlying IE support files (I guess the Windows APIs that mainly the browser used) were more robust and more security conscious, and there was also buffer overrun protection. So while XP could still get drive-by infections, it was still less likely than 98 and maybe 2000. I once made the mistake of relaxing all the security settings even below the "Low security" profile. It wasn't but a couple of days that it picked up a drive-by infection through an ad like Z98 mentioned.

I did notice that my system (then AMD based) picked up far fewer viruses than my late friend's PC. We both had XP, but I could only think of 2 differences. Her machine was a Pentium 4 and didn't have the no-execute instruction, and the other difference was her habits (more file-sharing, crack sites, and adult sites). So protection should be a combination of things such as responsible behavior, spot AV scanning (like companies scanning your email attachments or Microsoft scanning the worst threats when you run Windows Update), background AV protection, scheduled comprehensive malware scans, good OS settings, hardware protection and an OS that uses it, limiting root access and privileges, etc.
Last edited by PurpleGurl on Thu Mar 26, 2015 7:49 pm, edited 1 time in total.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: ACL agnostic library

Post by dizt3mp3r »

That's all true, delegating your nastier habits to a $70 tablet appears to be the thing to do to prevent infections from the seedier parts of the net.

I do understand why having a separate admin account used for doing 'admin' work was considered inconvenient for average users and that's how the nagging pop-ups came about in NT6 - but there should be a grown-up option for those that want and know how to do it properly.

I also turn off the UAC on the NT6 systems I have in my control as I can't bear to be continuously treated like a child. When I want super admin/user priv. then give it to me and once I have it - let me keep it.
Konata
Posts: 391
Joined: Sun Apr 20, 2014 8:54 pm

Re: ACL agnostic library

Post by Konata »

I don't think UAC is much about babying the user as it is protecting them. You're essentially saying "If I unlock my front door once I want to keep it unlocked".

Though, I do agree it's not the best way to protect the user. OS X has a far superior method, it simply controls what each program can and can't do, down to individual file access. Manually tweaking that seems better than UAC's "are you sure you want to let this program do whatever it wants" prompt. Even Android has a primitive specialized access feature, though that's up to the developers of the application to decide, not you. It seems like specialized API access is the new thing.
Z98
Release Engineer
Posts: 3379
Joined: Tue May 02, 2006 8:16 pm

Re: ACL agnostic library

Post by Z98 »

It's called Mandatory Access Control. It's still a work-in-progress everywhere, just ask people how much a pain it is to try to configure SELinux without shooting yourself in the foot. A former ROS developer did his graduation thesis on implementing MAC on NT using ReactOS as a basis.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: ACL agnostic library

Post by dizt3mp3r »

I understand the reasoning and the compromises that have to be made. I just relish being able to create users/groups and being able to specify access to resources by user/group, to assign privileges and identifiers to users and then create ACLs to fine tune access to resources. I know how to do this stuff, I have seen it implemented before on other o/s and I know it works. Sometimes it is SUCH a pity that we have to follow the path set by Microdolts but - that is the path we have set.

What I suppose I want is the ability to turn some of the worst OFF and possibly have some access to the underlying mechanism to allow manual configuration above and beyond MS' specs. I can only ask.