Using UAC elevation in Windows Explorer to view a folder creates access control entry

Discussion in 'other security issues & news' started by MrBrian, Mar 27, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Note to Vista and Windows 7 users: using UAC elevation in Windows Explorer to view a folder's contents creates an access control entry giving the current user permanent full access to the given folder, its files, and all subfolders! This behavior is by design, not a bug.

    Example: I am using Windows Explorer from the standard user account schmo to browse files in c:\users\brian, where brian is an admin account. This requires UAC elevation with an admin password. Looking at the security of folder c:\users\brian, there an access control entry giving schmo full control of all files and subfolders within c:\users\brian! As a result, if I encounter malware while using account schmo, the malware could read and modify all files within c:\users\brian, which normally would have been inaccessible to schmo.
     
  2. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Are you using windows 7 ?
    Is so what is your UAC level set to ?
     
  3. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Is there a way around giving the permanent access or does one have to reset this manually if it's a concern? If it's by design, what was their intentions in having designed this way?
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes, Win x64 with UAC set to highest. Are you able to reproduce on your OS?

    I didn't try it on Vista but I assumed it's the same there. Maybe somebody using Vista can test.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe the reason for this behavior is that UAC cannot elevate already running processes, and explorer.exe is already running when you use your computer. See http://vistavitals.blogspot.com/2008/06/uac-elevate-windows-explorer.html for further explanation and some workarounds.

    Some other workarounds:
    1. Use an alternate file explorer running elevated
    2. Use Windows Explorer in the hidden administrator account that always runs as true admin

    I didn't research this issue a lot. You can get some further information by doing a web search for "Windows explorer" elevated.

    Some discussions about this issue:
    http://social.technet.microsoft.com...y/thread/1798a1a7-bd2e-4e42-8e98-0bc715e7f641
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.