POV-Ray: Newsgroups: povray.off-topic: Programming language development: Re: Programming language development

POV-Ray : Newsgroups : povray.off-topic : Programming language development : Re: Programming language development		Server Time 9 Oct 2024 04:03:29 EDT (-0400)

From: Darren New
Date: 3 Oct 2009 16:20:26
Message: <4ac7b20a@news.povray.org>

Darren New wrote:
> Sorry.  I meant the shatter attack. It's where you fake using the 
> keyboard to write executable code into (say) a text entry box, then you 
> send a message to the program that makes it invoke a callback in such a 
> way as it jumps to the text in the text entry box.

Incidentally, this is exactly the reason the UAC does that funky thing with 
the screen. It's also the reason you get warnings every single time you 
start up a privileged program that opens a window, even if it's just an icon 
in the system tray.

You're *supposed* to write a service that runs with the appropriate 
privilege, then write an unprivileged UI that talks to the service, and the 
service makes sure that what the UI tells it to do is safe. If you just let 
the user talk straight to the privileged code thru the UI, you can have 
trouble.

Kind of a dumb design decision, probably left over from Win16 days. :-)

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".

Post a reply to this message