Using UAC elevation in Windows Explorer to view a folder creates access control entry

Discussion in 'other security issues & news' started by MrBrian, Mar 27, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Note to Vista and Windows 7 users: using UAC elevation in Windows Explorer to view a folder's contents creates an access control entry giving the current user permanent full access to the given folder, its files, and all subfolders! This behavior is by design, not a bug.

    Example: I am using Windows Explorer from the standard user account schmo to browse files in c:\users\brian, where brian is an admin account. This requires UAC elevation with an admin password. Looking at the security of folder c:\users\brian, there an access control entry giving schmo full control of all files and subfolders within c:\users\brian! As a result, if I encounter malware while using account schmo, the malware could read and modify all files within c:\users\brian, which normally would have been inaccessible to schmo.
     
  2. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Are you using windows 7 ?
    Is so what is your UAC level set to ?
     
  3. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Is there a way around giving the permanent access or does one have to reset this manually if it's a concern? If it's by design, what was their intentions in having designed this way?
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes, Win x64 with UAC set to highest. Are you able to reproduce on your OS?

    I didn't try it on Vista but I assumed it's the same there. Maybe somebody using Vista can test.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe the reason for this behavior is that UAC cannot elevate already running processes, and explorer.exe is already running when you use your computer. See http://vistavitals.blogspot.com/2008/06/uac-elevate-windows-explorer.html for further explanation and some workarounds.

    Some other workarounds:
    1. Use an alternate file explorer running elevated
    2. Use Windows Explorer in the hidden administrator account that always runs as true admin

    I didn't research this issue a lot. You can get some further information by doing a web search for "Windows explorer" elevated.

    Some discussions about this issue:
    http://social.technet.microsoft.com...y/thread/1798a1a7-bd2e-4e42-8e98-0bc715e7f641
     
Loading...
Thread Status:
Not open for further replies.