SAFER

TheMSsForum.com: The Microsoft Software Forum

All,
I am guessing the answer to this is "no" but just had to check to be sure.
Is there a way to use the SAFER framework to elevate privileges of certain
programs? It would make it a lot easier to have users running as normal
users, but still allowing them to run programs that require admin privs. I
wish Windows had a SUID bit.

-P
Top

Re: SAFER by Shenan

Shenan
Tue Nov 21 18:19:27 CST 2006

TwistedPair wrote:
> All,
> I am guessing the answer to this is "no" but just had to check to
> be sure. Is there a way to use the SAFER framework to elevate
> privileges of certain programs? It would make it a lot easier to
> have users running as normal users, but still allowing them to run
> programs that require admin privs. I wish Windows had a SUID bit.

RUNAS?

And any application that requires you to run it with elevated privs is not
something you likely want being used much anyway.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


Top

Re: SAFER by Roger

Roger
Tue Nov 21 22:43:05 CST 2006

That is not a SAFER capability.
A fair percentage of applications that are shipped in brain-dead
install design can be cured of their need for admin privileges.
Those that actually do things that require admin can be handled
by such as runas

"TwistedPair" <twistedpair@mail.com> wrote in message
news:%23%23XjSCcDHHA.3476@TK2MSFTNGP04.phx.gbl...
> All,
> I am guessing the answer to this is "no" but just had to check to be sure.
> Is there a way to use the SAFER framework to elevate privileges of certain
> programs? It would make it a lot easier to have users running as normal
> users, but still allowing them to run programs that require admin privs.
> I wish Windows had a SUID bit.
>
> -P
>


Top

Re: SAFER by Karl

Karl
Wed Nov 22 17:59:44 CST 2006


"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:ua9ggvcDHHA.1196@TK2MSFTNGP02.phx.gbl...
> TwistedPair wrote:
>> All,
>> I am guessing the answer to this is "no" but just had to check to
>> be sure. Is there a way to use the SAFER framework to elevate
>> privileges of certain programs? It would make it a lot easier to
>> have users running as normal users, but still allowing them to run
>> programs that require admin privs. I wish Windows had a SUID bit.
>
> RUNAS?

Agreed. Windows Runas is arguably better in many ways than Linux SUID,
because SUID as I understand it can only point to a single account, whereas
Runas can be used with any account and permissions you create. The way SUID
is most commonly used involves giving users the all-powerful root password.
And like SUID, you can use Windows NTFS and other permissions to control
what actions the escalated Runas user can and cannot perform.


--
kind regards,
Karl Levinson, MS MVP
Security FAQ site:
http://securityadmin.info



Top

Re: SAFER by Karl

Karl
Wed Nov 22 18:05:56 CST 2006


"Karl Levinson, mvp" <levinson_k@securityadmin.info> wrote in message
news:%23IWyJJpDHHA.3492@TK2MSFTNGP02.phx.gbl...

>>> I wish Windows had a SUID bit.
>>
>> RUNAS?
>
> Agreed. Windows Runas is arguably better in many ways than Linux SUID,
> because SUID as I understand it can only point to a single account,
> whereas Runas can be used with any account and permissions you create.
> The way SUID is most commonly used involves giving users the all-powerful
> root password. And like SUID, you can use Windows NTFS and other
> permissions to control what actions the escalated Runas user can and
> cannot perform.

Sorry, a minute after posting this I realized this was a brain fart on my
part, I was thinking of something other than SUID and so my post doesn't
accurately reflect the way SUID actually works. Forget I said anything.


Top