Jump to content

Comparison of privilege authorization features

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Remember the dot (talk | contribs) at 05:30, 13 March 2007 (well, it's a start.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A number of computer operating systems employ security features to reduce the ability of administrators from giving malware sufficient privileges to compromise the computer system. Previously to the rise of this concept, operating systems such as DOS and Windows 95 gave administrator privileges to all programs running on an administrator account. The problem was that this also gave malware, viruses, worms, etc. administrator privileges as well. With these privileges, malicious software could wreak havoc on the operating system.

To combat this problem, modern operating systems use one or two methods. The simple method is to give users limited-privilege accounts, switching to a higher-privileged account only when necessary. Another method is to have users run with administrative privileges as before, but require explicit permission to grant a process administrator rights.

This article aims to compare and contrast the similarities and differences between implementations of these methods and the level of security offered by each.

su

Main article: su (Unix)

su is a command line tool for Unix. It allows users to quickly switch the terminal to a different account by entering the username and password of that account. It is often used to switch to an account with higher privileges, such as the root account.

sudo

sudo in a terminal window on Ubuntu
Main article: sudo

sudo, created around 1980,[1] is a Unix command line tool similar to su, but it allows certain users to run programs with root privileges instead of having to switch to the root account.[2] By default, it requires the user to authenticate themselves by re-entering their password.[3]


gksudo

gksudo on Ubuntu

gksudo is a graphical frontend to sudo included with Ubuntu. It comes up automatically when an application tries to perform an action requiring root priviliges. To keep other applications from inputting the user's password through spoofed keystrokes or mouse movements, by default it "locks" the keyboard, mouse, and window focus,[4] preventing anything but the actual user from inputting the password or otherwise interfering with the confirmation dialog.


kdesu

kdesu is a graphical front-end to the su command.[5]


Authenticate

The "Authenticate" dialog in Mac OS X

Mac OS X includes the "Authenticate" dialog, which prompts the user to input their password in order to perform administrator tasks.


User Account Control

File:User Account Control administrator dialog.png
UAC confirmation dialog
UAC confirmation on a non-administrator account
Main article: User Account Control

Windows Vista includes the User Account Control (UAC) feature. Like gksudo, it comes up automatically when an application tries to perform an action requiring administrative priviliges.[6] UAC provides a simpler user experience for administrators than gksudo because by default, it merely asks the administrator to allow or deny the action, instead of re-entering their password each time. UAC by default runs in the Secure Desktop, preventing malicious applications from simulating clicking the "Allow" button or otherwise interfering with the confirmation dialog.[7] The Secure Desktop is similar to gksudo's default behavior of locking the keyboard, mouse, and window focus.

It is also possible to require the user to press Ctrl+Alt+Del as part of the authentication process. Because only Windows can detect this key combination, requiring this additional security measure would prevent spoofed dialogs from behaving the same way as a legitimate dialog. Thus, the user would be able to tell whether the dialog was an attempt to trick the user into providing their password to a piece of malicious software.[8]

When the user is not an administrator, UAC prompts for an administrator username and password.


runas

runas is a feature of Windows XP that allows running a program as a different user.

References

  1. ^ Miller, Todd C. "A Brief History of Sudo". Retrieved 2007-03-12.
  2. ^ Miller, Todd C. "Sudo in a Nutshell". Retrieved 2007-03-12.
  3. ^ Miller, Todd C. "Sudoers Manual". Retrieved 2007-03-12.
  4. ^ "Translations made by Irvin Piraman". Retrieved 2007-03-12.
  5. ^ Bellevue Linux (2004-11-20). "The KDE su Command". Retrieved 2007-03-12.
  6. ^ "User Account Control Overview". Microsoft. 2006-10-02. Retrieved 2007-03-12.
  7. ^ "User Account Control Prompts on the Secure Desktop". UACBlog. Microsoft. 2006-05-03. Retrieved 2007-03-04. {{cite web}}: |first= missing |last= (help)
  8. ^ Allchin, Jim (2007-01-23). "Security Features vs. Convenience". Windows Vista Team Blog. Microsoft. Retrieved 2007-03-12.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Comparison_of_privilege_authorization_features&oldid=114734574"