Starting elevated (high integrity) after installation

Bug #1650162 reported by Mühlentreffler on 2016-12-15
This bug affects 1 person
Affects: Midori Web Browser
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

When Midori 0.5.11 was started by the installer on Windows Vista (32-bit), I noticed that it was labeled with Integrity 'High' in Process Hacker°. This is a problem in itself (for a web browser) and an indicator that it is using the unrestricted token, colloquially known as running elevated or with elevated rights; that is, with full admin privileges.*

It’s about as bad as running your web browser as superuser under UNIX-likes and you wouldn’t usually do that, would you? ;)

I suggest plainly not starting it with those rights at all from the installer – while subprocesses would automatically inherit them, there are mechanisms available to start processes explicitly with limited rights. This is a solution that has been proposed for QupZilla, which has the same problem. (I hope it won’t be as complicated to implement as my short glance into the docs has made it seem …)

As soon as processes begin to execute, the token cannot be changed anymore (so no privilege dropping after the fact); relaunching it would work, but then, it would interfere with users deliberately starting it elevated, for troubleshooting or whichever other reasons.

°: a Task Manager replacement
*: I don’t know how proficient you are in Windows technicalities. For a short description of this, look into the fourth paragraph of the History section of this Wikipedia article (and consult the article as a whole): https://en.wikipedia.org/wiki/User_Account_Control#History
For the integrity level mechanism, there’s the (linked) article https://en.wikipedia.org/wiki/Mandatory_Integrity_Control .
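
Added example, not part of the original report and not Midori or installer code: a check of the integrity level that a process started from the current context would inherit, read from the mandatory label SID (S-1-16-<RID>) in `whoami /groups /fo csv /nh` output. The function names and the two sample outputs are constructed for illustration.

```python
import csv
import io
import subprocess

# Mandatory-label RID floors (the SID is S-1-16-<RID>), highest first.
LEVELS = [(0x4000, "System"), (0x3000, "High"), (0x2000, "Medium"),
          (0x1000, "Low"), (0x0000, "Untrusted")]

def label_rid(whoami_csv):
    """Return the integrity RID found in `whoami /groups /fo csv /nh` output."""
    for row in csv.reader(io.StringIO(whoami_csv)):
        # Columns: group name, type, SID, attributes. Match on the SID,
        # not on the group name, which is localized.
        if len(row) >= 3 and row[2].startswith("S-1-16-"):
            return int(row[2].rsplit("-", 1)[1])
    raise ValueError("no mandatory label SID (S-1-16-*) in input")

def classify(rid):
    """Name the level; a value between two floors takes the lower name."""
    return next(name for floor, name in LEVELS if rid >= floor)

def browser_token_ok(whoami_csv):
    """False when a browser started from this context would inherit High or above."""
    return label_rid(whoami_csv) < 0x3000

def current_context_csv():
    """Windows only: whoami runs as a child, so it reports the inherited token."""
    return subprocess.run(["whoami", "/groups", "/fo", "csv", "/nh"],
                          capture_output=True, text=True, check=True).stdout

# Constructed samples: an elevated installer context and a normal desktop one.
ELEVATED = ('"BUILTIN\\Administrators","Alias","S-1-5-32-544","Enabled group"\n'
            '"Mandatory Label\\High Mandatory Level","Label","S-1-16-12288",""\n')
LIMITED = ('"BUILTIN\\Users","Alias","S-1-5-32-545","Enabled group"\n'
           '"Mandatory Label\\Medium Mandatory Level","Label","S-1-16-8192",""\n')

if __name__ == "__main__":
    for name, sample in (("elevated", ELEVATED), ("limited", LIMITED)):
        verdict = "ok" if browser_token_ok(sample) else "TOO HIGH"
        print(name, classify(label_rid(sample)), verdict)
```

On a Windows machine, pass `current_context_csv()` to `browser_token_ok()` from the same context that starts the browser.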
