"Very Severe Hole" In Vista UAC Design

Hacker Joanna Rutkowska has flagged a "very severe hole" in the design of Windows Vista's User Account Controls (UAC) feature. The issue is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges — and gives the user no option to let them run without elevated privileges. This means that a freeware Tetris installer would be allowed to load kernel drivers. Microsoft's Mark Russinovich acknowledges the risk factor but says it was a 'design choice' to balance security with ease of use.
http://it.slashdot.org/article.pl?sid=07/02/13/1922237&from=rss

Hozzászólások

a hölgy még 5-én maga írt egy megoldást a problémára (aki olvassa a blogját tudja), de finoman szólva nem túl elegáns, és szerintem itt át kéne gondolni Intézeti oldalról a designt

Na'on jó... setuid-root dpkg, illetve apt-get (vagy rpm, ízlés szerint...)