Clarify what is happening and who is requesting permissions in the UAC prompt. #16

Open
e3ndr opened this issue Feb 8, 2024 · 4 comments
Labels
Issue-Scenario Bigger than a feature - this is a group of features
Comments

@e3ndr

e3ndr commented Feb 8, 2024

No clue how achievable this would be, but if this could somehow show “Requested by Terminal” and maybe a “More Info” button that shows the full command line that’d be great.

I could see this being used as an attack vector against unskilled users who see the prompt and think “yeah, I trust Microsoft with admin permission.” and click Yes blindly.

Original prompt (as seen in the documentation):
image

My suggested revision/alteration:
revised

(obviously my version sucks visually. make it prettier ;) )

@gerardog

gerardog commented Feb 8, 2024

If you are changing the UAC popup... There is so much more:

  • That Microsoft has signed the sudo.exe is now irrelevant.
  • Show the signature of the process to elevate instead.
  • Show the full command line to elevate (I don't want to click 'Show more details' every time), so we know which sub-command is being elevated.
  • Let me check which process is asking for elevation.

IMO: Enabling Sudo is kind of a new step in the UAC control settings. Integrating Sudo and UAC is the obvious next step.
image

@mwisnicki

Potential workaround until UAC is improved: use separate exe for rpc server and sign it with publisher name set to "Unknown".

@zadjii-msft zadjii-msft added Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting Issue-Feature New feature or request. Complex enough to require planning and actual budgeted, scheduled work. labels Feb 9, 2024
@zadjii-msft
Member

I really want to work with the UAC folks in the coming months with this. I think this is a great idea.

@zadjii-msft zadjii-msft added Issue-Scenario Bigger than a feature - this is a group of features and removed Issue-Feature New feature or request. Complex enough to require planning and actual budgeted, scheduled work. labels Feb 19, 2024
@zadjii-msft zadjii-msft added this to the Backlog milestone Feb 19, 2024
@joadoumie joadoumie modified the milestones: Backlog, 24H2 Feb 21, 2024
@joadoumie joadoumie added Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting and removed Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting labels Feb 28, 2024
@joadoumie
Collaborator

This is tracked internally with MSFT:49342133

@joadoumie joadoumie removed the Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting label Mar 20, 2024