Comparison of privilege authorization features: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 02:05, 6 September 2022 edit 109.227.107.17 (talk) No edit summary Tags: Reverted Mobile edit Mobile web edit ← Previous edit		Latest revision as of 23:51, 28 August 2025 edit undo Citation bot (talk \| contribs) Bots 5,873,328 edits Removed parameters. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Articles with unsourced statements from November 2007 \| #UCB_Category 432/562
(10 intermediate revisions by 8 users not shown)
Line 1: {{Short description\|None}} {{Missing information\|the Mac "Authenticate" dialog\|date=September 2021}} A number of computer [[operating systems]] employ security features to help prevent [[malicious software]] from gaining sufficient privileges to compromise the computer system. Operating systems lacking such features, such as [[DOS]], [[Microsoft Windows\|Windows]] implementations prior to [[Windows NT]] (and its descendants), CP/M-80, and all Mac operating systems prior to Mac OS X, had only one category of user who was allowed to do anything. With separate execution contexts it is possible for multiple users to store private files, for multiple users to use a computer at the same time, to protect the system against malicious users, and to protect the system against malicious programs. The first multi-user secure system was [[Multics]], which began development in the 1960s; it wasn't until [[UNIX]], [[BSD]], [[Linux kernel\|Linux]], and [[Windows NT\|NT]] in the late 80s and early 90s that multi-tasking security contexts were brought to [[x86]] consumer machines. == Introduction to implementations == ;Microsoft Windows Line 29 ⟶ 34: \|accessdate=2007-03-13 }}</ref> This service provides the capability to allow applications running as a separate user to interact with the logged-in user's desktop. This is necessary to support drag-and-drop, clipboard sharing, and other interactive login features. \|- \| style="text-align: center;" \| \|'''[[sudo]]''':<br />[[Windows 11, version 24H2]] comes with Windows edition of {{Mono\|sudo}}. Although not enabled by default, it can be enabled in Developer Settings page<ref>{{Cite web \|date=2025-07-22 \|title=Sudo for Windows \|url=https://learn.microsoft.com/en-us/windows/advanced-settings/sudo/ }}</ref>. \|} ;macOS ~~;Mac OS~~ {\| \|- \|style="width:130px;height:90px;text-align:center" \|[[Image:Mac OS X Authenticate.png\|border\|120px\|Authenticate]] \|[[~~Mac OS X~~macOS]] includes the '''Authenticate''' dialog, which prompts the user to input their password in order to perform administrator tasks. This is essentially a graphical front-end of <code>[[sudo]]</code> command. \|} Line 55 ⟶ 63: \|archive-date = 2007-02-22 \|url-status = dead }}</ref> ''sudo'' is a highly configurable Unix command -line tool similar to ''su'', but it allows certain users to run programs with root privileges without spawning a root shell or requiring root's password.<ref name="Sudo Nutshell">{{cite web \|url=http://www.gratisoft.us/sudo/intro.html \|title=Sudo in a Nutshell Line 96 ⟶ 104: \|- \| \|'''[[doas]]''':<br/> {{Mono\|sudo}} replacement since [[OpenBSD]] 5.8 (October 2015) \|} Line 132 ⟶ 140: === Fake authentication dialogs === Another security consideration is the ability of malicious software to [[Spoofing attack\|spoof]] dialogs that look like legitimate security confirmation requests. If the user were to input credentials into a fake dialog, thinking the dialog was legitimate, the malicious software would then know the user's password. If the Secure Desktop or similar feature were disabled, the malicious software could use that password to gain higher privileges. [[File:Ctrl-Alt-Del for accessing secure desktop to enter credentials.png\|thumb\|[[User Account Control\|UAC]] requesting the secure attention sequence on Windows 11, asking the user to press [[Control-Alt-Delete\|Ctrl+Alt+Delete]] first to enter credentials, to avoid login spoofing.]] * Though it is not the default behavior for usability reasons, '''UAC''' may be configured to require the user to press [[Control-Alt-Delete\|Ctrl+Alt+Del]] (known as the [[secure attention sequence]]) as part of the authentication process. Because only Windows can detect this key combination, requiring this additional security measure would prevent spoofed dialogs from behaving the same way as a legitimate dialog.<ref name="Allchin">{{cite web \|url=http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx Line 141 ⟶ 150: \|date=2007-01-23 \|accessdate=2007-03-12 }}</ref> For example, a spoofed dialog might not ask the user to press {{Key press\|Ctrl+\|Alt+\|Del}}, and the user could realize that the dialog was fake. Or, when the user did press Ctrl+Alt+Del, the user would be brought to the screen Ctrl+Alt+Del normally brings them to instead of a UAC confirmation dialog. Thus the user could tell whether the dialog was an attempt to trick them into providing their password to a piece of malicious software. * In GNOME, '''PolicyKit''' uses different dialogs, depending on the configuration of the system. For example, the authentication dialog for a system equipped with a [[fingerprint reader]] might look different from an authentication dialog for a system without one. Applications do not have access to the configuration of PolicyKit, so they have no way of knowing which dialog will appear and thus how to spoof it.<ref>{{cite web\|url=http://hal.freedesktop.org/docs/PolicyKit/introduction.html#intro-about\|title=Authentication Agent\|date=2007\|accessdate=2017-11-15\|archive-url=https://web.archive.org/web/20120218163259/http://hal.freedesktop.org/docs/PolicyKit/introduction.html#intro-about\|archive-date=2012-02-18\|url-status=dead}}</ref> Line 168 ⟶ 177: * '''sudo''',<ref name="Sudo Nutshell"/> '''gksudo''', and '''kdesu''' do not ask the user to re-enter their password every time it is called to elevate a program. Rather, the user is asked for their password once at the start. If the user has not used their administrative privileges for a certain period of time (sudo's default is 5 minutes<ref name="Sudo Nutshell"/>), the user is once again restricted to standard user privileges until they enter their password again. :sudo's approach is a trade-off between security and usability. On one hand, a user only has to enter their password once to perform a series of administrator tasks, rather than having to enter their password for each task. But at the same time, the surface area for attack is larger because all programs that run in that tty (for {{Mono\|sudo}}) or all programs not running in a terminal (for gksudo and kdesu) prefixed by either of those commands before the timeout receive administrator privileges. Security-conscious users may remove the temporary administrator privileges upon completing the tasks requiring them by using the <code>sudo -k</code> command when from each tty or pts in which {{Mono\|sudo}} was used (in the case of pts's, closing the terminal emulator is ''not'' sufficient). The equivalent command for kdesu is <code>kdesu -s</code>. There is no gksudo option to do the same; however, running <code>sudo -k</code> not within a terminal instance (e.g. through the {{Key press\|Alt + \|F2}} "Run Application" dialogue box, unticking "Run in terminal") will have the desired effect. * '''Authenticate''' does not save passwords. If the user is a standard user, they must enter a username and a password. If the user is an administrator, the current user's name is already filled in, and only needs to enter their password. The name can still be modified to run as another user.