Clik here to view.
re: A classification of faces with eyes open and closed in Dr. Seuss's ABC...
Joshua, considering the length of Raymond's posting queue, the child may be finishing the school by now.
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
> UAC sure is a quirky design. :) Irrelevant to UIPI, which needed doing anyway.
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
@Joshua Well, from that extra information, I still think that the service had too many privileges and could have gotten rid of that by fixing the design. @Leo If it was the other way around, wouldn't...
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
@Crescens2k: What I needed was a SUID-bit but it wasn't available.
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
@Avi can't they all be traced back to winlogon, by that logic? There has to be _some_ way to deliberately break the chain, or there would never be any such thing as an unprivileged process.
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
So it sounds like the main reason low-integrity processes can kill high-integrity processes is to avoid annoying the user with a UAC prompt. That doesn't sound like a very well thought-through security...
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
@jon: Windows Media Player is a super-high privileged process and it is elevated by kernel. Would you have it be unkillable?
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
I second the first question by AC: Why is posting SC_SYSCOMMAND by the explorer not prevented by UI privilege isolation? preventing messages from getting from your mid-integrity explorer to your...
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
[WM_SYSCOMMAND is hardly the same as keyboard messages. You can't fiddle a password entry box with WM_SYSCOMMAND. -Raymond] Keyboard messages are harmless compared to what WM_SETTEXT and EM_GETSEL can...
View ArticleClik here to view.
re: A classification of faces with eyes open and closed in Dr. Seuss's ABC...
Oh, Raymond, the places you'll go. Brilliant.
View ArticleClik here to view.
re: I brought this process into the world, and I can take it out!
@Joshua: >Keyboard messages are harmless compared to what WM_SETTEXT and EM_GETSEL can do. And that's the kind of messages stopped by UI isolation. And CBT hooks.
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
Cesar: There are probably tons of programs out there that assume a malloc will return memory at the address that was last freed. Odds are they free some data structure, then allocate a new one and...
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
In spite of the largely sound "select isn't broken" principle, I did I have a time when I found, in rapid succession, a bug in GCC, the C++ standard library that ships with a rather older version of...
View ArticleClik here to view.
re: Why can't I set "Size all columns to fit" as the default?
Muzer says: " Oh, the one thing I REALLY hate, is that, though you can get a "command prompt here" option for a folder by shift-right-clicking it (or is it ctrl, I can't actually remember), you can't...
View ArticleClik here to view.
re: Why can't I set "Size all columns to fit" as the default?
(BTW, I moved the "Open command window here" option to the main context menu, so "Open elevated command window here" only shows up in the 'secret' Shift-ed context menu.)
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
@joshua: That's too much to bother. I suspect handle recycle is not even remotely on the list of concerns of kernel guys.
View ArticleClik here to view.
re: Why can't I set "Size all columns to fit" as the default?
>> reduced user confidence since it's hard to have the confidence to click the mouse if there is an underlying threat that the thing you're trying to click will move around of its own volition....
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
And like Cesar said, a lot of people don't even know their program relies on handle recycling: This kind of thing is more likely to be a bug than a conscious choice.
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
Assuming you set FooMutex to null, doesn't that save you from having to wait on it to check whether it's uninitialised? (Although given the possibility of uninitialising the DLL on two threads at once,...
View ArticleClik here to view.
re: Sabotaging yourself: Closing a handle and then using it
Neil: Waiting on it isn't to check whether it's uninitialized; it's to protect the critical section in the cleanup code. The ReleaseMutex is what's unnecessary -- in fact, I'd call it a bug. You want...
View Article