Sudo for Windows / Feature Requests / #13 Don't inherit privileges to subprocesses

#13 Don't inherit privileges to subprocesses

Status: open

Owner: nobody

Labels: General (14)

Priority: 5

Updated: 2014-01-10

Created: 2007-02-21

Creator: Thomas Rupp

Private: No

I have a user limited to run a single program as administrator.
Unfortunately this program has an "open file" dialog. When the user switches to C:\windows\system32, right clicks on cmd.exe and selects "Execute as.." he can run all programs as Administrator from the DOS Box.

Discussion

cgutierrez - 2007-03-15

Logged In: YES
user_id=1744596
Originator: NO

This would need to be enabled/disabled for each command in the configuration file.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

addagats - 2007-10-12

Logged In: YES
user_id=1898690
Originator: NO

<<
This would need to be enabled/disabled for each command in the
configuration file.
>>

Hi,

By above statement, do you mean that we should explicitly disable the applications in the configuration file so that user can not launch them from a 'cmd.exe' window opened as Sudo?.

Thanks

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

ucaakashi - 2014-01-10

I'm not sure that will work. I set "allowAllCommands=False" for both the sudoers group and individual users, but the user can still start any application from the open/save dialog boxes as an admin (like cmd.exe), even though cmd.exe is not an allowed application.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Don't inherit privileges to subprocesses

Group

Searches

Help

#13 Don't inherit privileges to subprocesses

Discussion