You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is not. I don't think we plan on supporting mixed elevated and unelevated tabs, because it's a bit of a security hole.
Yes I know sudo is a thing, but we've had lots of discussions with the security team about the creation of a sudo for Windows. The main problem is due to the fact that any unelevated processes can send keystrokes to any other unelevated windows.
If you had an elevated commandline running in an unelevated window, an untrusted bad actor could execute an elevation-of-privilege attack by driving the unelevated windows that's running the elevated commandline.
EDIT (Feb 14 2020)
Okay, so this comment didn't age super well. Originally, there was no plan to support this, since it wouldn't work with the single HWND we had. We're working on designing a solution that might support this in the future, but we can't commit to anything until we're sure that we can come up with an appropriately secure solution, that ensures that a lower privileged process can't drive a higher privilege terminal.
Josverl, danielniccoli, wvovaw, paule96, paulo1410 and 99 morejkavanagh58, papadi, Charlweed, guai, drfuzzyness and 81 moreLuminarySage, danieldaeschle, rawlingsr, doublemcz, a-gn and 39 morenickkaczmarek, ITSecMedia, melchugin, Wittionary, uaevuon and 5 moreNirmal4G, VictorCalderon, lchord, KaXaSA, pheroMona13 and 6 more
Seems reasonable. I think having something like a combination of #576 (Open as Admin in the jump list), and maybe some kind of hotkey to launch an Admin session of the Terminal would solve most of my pain here.
dragonwolf83, OranguTech, daullmer, corbo-we, mrdrwest and 54 more
@mdtauk I think that unfortunately falls under the same category. Since all the tabs are under the same HWND, the root HWND is what would need to be elevated to prevent non-elevated apps from driving the window.
If you are having issues with gsudo please report them to @gerardog and not in this thread. Every message on this thread (this one included; sorry!) e-mails hundreds of subscribers.
I am going to lock this thread to further non-maintainer comments, as we are reaching the point where further comments aren’t moving the discussion forward a meaningful amount.
Please file new issues if you have concerns that are not covered here.
Activity
zadjii-msft commentedon May 9, 2019
There is not. I don't think we plan on supporting mixed elevated and unelevated tabs, because it's a bit of a security hole.
Yes I know
sudo
is a thing, but we've had lots of discussions with the security team about the creation of asudo
for Windows. The main problem is due to the fact that any unelevated processes can send keystrokes to any other unelevated windows.If you had an elevated commandline running in an unelevated window, an untrusted bad actor could execute an elevation-of-privilege attack by driving the unelevated windows that's running the elevated commandline.
(as a matter of linking related threads, #146)
EDIT (Feb 14 2020)
Okay, so this comment didn't age super well. Originally, there was no plan to support this, since it wouldn't work with the single
HWND
we had. We're working on designing a solution that might support this in the future, but we can't commit to anything until we're sure that we can come up with an appropriately secure solution, that ensures that a lower privileged process can't drive a higher privilege terminal.pingzing commentedon May 9, 2019
Seems reasonable. I think having something like a combination of #576 (Open as Admin in the jump list), and maybe some kind of hotkey to launch an Admin session of the Terminal would solve most of my pain here.
mdtauk commentedon May 9, 2019
What about having a standard and elevated Terminal open in a single window but separate tabs?
zadjii-msft commentedon May 10, 2019
@mdtauk I think that unfortunately falls under the same category. Since all the tabs are under the same HWND, the root HWND is what would need to be elevated to prevent non-elevated apps from driving the window.
245 remaining items
MikeChristensen commentedon Sep 1, 2020
DHowett commentedon Sep 1, 2020
If you are having issues with gsudo please report them to @gerardog and not in this thread. Every message on this thread (this one included; sorry!) e-mails hundreds of subscribers.
I am going to lock this thread to further non-maintainer comments, as we are reaching the point where further comments aren’t moving the discussion forward a meaningful amount.
Please file new issues if you have concerns that are not covered here.
Profile auto-elevation, version 3 (#12137)