Starting elevated (high integrity) after installation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Midori Web Browser | New | Undecided | Unassigned |
Bug Description
When Midori 0.5.11 was started by the installer on Windows Vista (32-bit), I noticed that it was labeled with Integrity 'High' in Process Hacker°. This is a problem in itself (for a web browser) and an indicator that it is using the unrestricted token, colloquially known as running elevated or with elevated rights; that is, with full admin privileges.*
It’s about as bad as running your web browser as superuser under UNIX-likes and you wouldn’t usually do that, would you? ;)
I suggest plainly not starting it with those rights at all from the installer – while subprocesses would automatically inherit them, there are mechanisms available to start processes explicitly with limited rights. This is a solution that has been proposed for QupZilla, which has the same problem. (I hope it won’t be as complicated to implement as my short glance into the docs has made it seem …)
As soon as processes begin to execute, the token cannot be changed anymore (so no privilege dropping after the fact); relaunching it would work, but then, it would interfere with users deliberately starting it elevated, for troubleshooting or whichever other reasons.
°: a Task Manager replacement
*: I don’t know how proficient you are in Windows technicalities. For a short description of this, look into the fourth paragraph of the History section of this Wikipedia article (and consult the article as a whole): https:/
For the integrity level mechanism, there’s the (linked) article https:/
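To reproduce the integrity-level observation above without Process Hacker, the following PowerShell sketch reads the mandatory label from a process token. It is an added example, not part of the original report or of Midori's code; the names `Native.Token` and `Get-ProcessIntegrity` and the process name `midori` are assumptions.

```powershell
# Added example: report the integrity level of a running process from its token.
Add-Type -Namespace Native -Name Token -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int length, out int needed);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
'@

function Get-ProcessIntegrity {
    param([Parameter(Mandatory = $true)][uint32]$ProcessId)
    $marshal = [Runtime.InteropServices.Marshal]
    $process = [Native.Token]::OpenProcess(0x1000, $false, $ProcessId)  # PROCESS_QUERY_LIMITED_INFORMATION
    if ($process -eq [IntPtr]::Zero) { throw "OpenProcess failed for PID $ProcessId" }
    $token = [IntPtr]::Zero; $buffer = [IntPtr]::Zero; $needed = 0
    try {
        if (-not [Native.Token]::OpenProcessToken($process, 0x8, [ref]$token)) { throw "OpenProcessToken failed" }  # TOKEN_QUERY
        # The first call only reports the buffer size for TokenIntegrityLevel (class 25).
        [void][Native.Token]::GetTokenInformation($token, 25, [IntPtr]::Zero, 0, [ref]$needed)
        $buffer = $marshal::AllocHGlobal($needed)
        if (-not [Native.Token]::GetTokenInformation($token, 25, $buffer, $needed, [ref]$needed)) { throw "GetTokenInformation failed" }
        # TOKEN_MANDATORY_LABEL begins with a pointer to the label SID; its last sub-authority is the RID.
        $sid   = $marshal::ReadIntPtr($buffer)
        $count = $marshal::ReadByte([Native.Token]::GetSidSubAuthorityCount($sid))
        $rid   = $marshal::ReadInt32([Native.Token]::GetSidSubAuthority($sid, $count - 1))
    } finally {
        if ($buffer -ne [IntPtr]::Zero) { $marshal::FreeHGlobal($buffer) }
        if ($token -ne [IntPtr]::Zero) { [void][Native.Token]::CloseHandle($token) }
        [void][Native.Token]::CloseHandle($process)
    }
    $level = 'Untrusted'  # walk up the well-known mandatory-label thresholds
    foreach ($t in @(0x1000, 'Low'), @(0x2000, 'Medium'), @(0x3000, 'High'), @(0x4000, 'System')) {
        if ($rid -ge $t[0]) { $level = $t[1] }
    }
    New-Object PSObject -Property @{ ProcessId = $ProcessId; Rid = $rid; Integrity = $level }
}

# Assumption: the browser's process is named "midori"; adjust to the name your task manager shows.
Get-Process -Name midori -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ProcessIntegrity -ProcessId $_.Id }
```

A RID of 0x3000 (12288) or above corresponds to the 'High' label mentioned in the report.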