|
 |  |  |  |  |  |  |  |  |
Welcome to Vista Forums we are your forum for Windows Vista help and discussion. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
 |
| |||||||
 |
| | Thread Tools | Display Modes |
06-20-2007
| #11 (permalink) |
| Guest | Re: Task manager violates security how many ways? "Alun Harford" <devnull@alunharford.co.uk> wrote in message news:%23WlyxCnsHHA.4916@TK2MSFTNGP05.phx.gbl... > Norman Diamond wrote: >> "Seth" <seth_lermanNOSPAM@hotmail.com> wrote in message >> news:SY_bi.26$Wr7.16@newsfe12.lga... >>> "Norman Diamond" <ndiamond@community.nospam> wrote in message >>> news:e86Pa$arHHA.1172@TK2MSFTNGP03.phx.gbl... >>>> "Rock" <Rock@nospam.net> wrote in message >>>> news:urTrrzarHHA.3276@TK2MSFTNGP04.phx.gbl... >>>>> "Norman Diamond" <ndiamond@community.nospam> wrote in message >>>>> news:u0eSVUZrHHA.5028@TK2MSFTNGP05.phx.gbl... >>>>>> At the bottom of the Task Manager screen is a button saying "Show >>>>>> processes from all users". I HAVE NOT CLICKED THIS BUTTON. >>>>>> Task Manager is showing processes owned by Task Manager's owner (a >>>>>> standard user) AND processes owned by an administrative user. Why? >>>>> >>>>> That's normal for a standard user. It's not showing all the processes >>>>> on the system that one would see by clicking on show processes from >>>>> all users. >>>> >>>> Sure it's not showing all, but why is it showing any? I think it >>>> shouldn't show any other users' processes until administrative >>>> credentials are input (especially when the other users' processes are >>>> running as admin). >>> >>> The additional processes you are seeing are system processes that are >>> running in the current users context. >> >> As shown in the screenshot, the additional processes are not system >> processes and they are not running in the current user's context. >> http://www.geocities.jp/hitotsubishi...ed_taskmgr.png >> Administrative user "soft1" is running user process "cmd.exe" in the >> context of user "soft1". > > I doubt that. I suspect that "soft1" is running cmd.exe in the context of > "Administrators", which all users can see. I doubt that. taskmgr.exe showed that cmd.exe is being executed by user "soft1" not by "Administrators". Meanwhile, why should all users be able to see applications that run in the context of "Administrators"? taskmgr.exe properly refused to display applications that run in the context of SYSTEM or LOCAL SERVICE or NETWORK SERVICE. Why make an exception for Administrators, are they intentionally less secure than LOCAL SERVICE? |
My System Specs |
|
06-21-2007
| #12 (permalink) |
| Guest | Re: Task manager violates security how many ways? "Norman Diamond" <ndiamond@community.nospam> wrote in message news:eY76LqvsHHA.3556@TK2MSFTNGP05.phx.gbl... > cmd.exe was launched using Vista's equivalent of "RunAs". That command > window and any programs started from that command window operate in the > context of user "soft1" not user "英語ユーザ". I still don't see why it is > considered acceptable for an instance of taskmgr.exe which is running in > the context of standard user "英語ユーザ" to display any of the tasks which run > in the context of a user other than "英語ユーザ". > > (In contrast when another instance of taskmgr.exe was started by > administrative user "soft1" and that privileged instance showed > everything, that seemed reasonable to me.) So, either you gave the password for "soft1" or it doesn't have a password. In the first case there is no security violation, in the second case the lack of a password for "soft1" is the security violation. -- Frank Saunders, MS-MVP OE/WM Do not send mail. |
| My System Specs |
|
06-21-2007
| #13 (permalink) |
| Guest | Re: Task manager violates security how many ways? "Frank Saunders, MS-MVP OE/WM" <franksaunders@mvps.org> wrote in message news:C09601BA-A20F-4CBD-8FC3-6F2AE93791F8@microsoft.com... > "Norman Diamond" <ndiamond@community.nospam> wrote in message > news:eY76LqvsHHA.3556@TK2MSFTNGP05.phx.gbl... > >> cmd.exe was launched using Vista's equivalent of "RunAs". That command >> window and any programs started from that command window operate in the >> context of user "soft1" not user "英語ユーザ". I still don't see why it >> is considered acceptable for an instance of taskmgr.exe which is running >> in the context of standard user "英語ユーザ" to display any of the tasks >> which run in the context of a user other than "英語ユーザ". >> >> (In contrast when another instance of taskmgr.exe was started by >> administrative user "soft1" and that privileged instance showed >> everything, that seemed reasonable to me.) > > So, either you gave the password for "soft1" or it doesn't have a > password. In the first case there is no security violation, in the second > case the lack of a password for "soft1" is the security violation. Are you replying to my parenthetical remark? If so, I agree with you. I added that parenthetical remark in order to point out how it differs from the situation that I'm complaining about. When standard user "英語ユーザ" started taskmgr.exe, this standard user did not enter any password. Furthermore this standard user did not even click the button to try showing processes owned by other users, and still did not enter any password. So why did this standard user's instance of taskmgr.exe display processes that are owned by a user other than this standard user? I do not think the answer is because a completely separate operation involved inputting a password for that completely separate operation. I think the display by an unprivileged execution of taskmgr.exe, of processes owned by a different user than the unprivileged owner of that instance of taskmgr.exe, is a security violation. Meanwhile administrative user soft1 had a password. Meanwhile standard user 英語ユーザ had a password. Did you have some purpose in adding this straw man to the discussion? |
| My System Specs |
Linear Mode
