|
 |
Chris Cason wrote:
> And here's a perfect example: try to create a new folder in "Program Files"
> using windows explorer. You will get a UAC prompt to create the folder. Fair
> enough. But the folder is called "New Folder" ... and very few people will leave
> it named that. Yet renaming it immediately invokes another UAC prompt.
Explorer is dumb here. That's not the UAC's fault.
> The *smart* thing for Microsoft to do would be to not actually create the folder
> until you've specified what name you want for it (and allowing 'New Folder' as
> default if you don't care), or at a minimum allow the account that created the
> folder the right to rename it also ... yet they don't.
Yes. They could just hold onto the privilege token for five minutes (just
like sudo does) and reuse it if they have another operation involving the
same folder, for example.
> The reason? I don't think it's because they're dumb, I think it's because they
> just don't care. After all, it's not their time being wasted.
Could be that. Could be that they're rushed.
> NB I hear this is fixed in Windows 7, though in what way I don't know.
In a worse way, unfortunately. In a broken-security kind of way. MS
apparently doesn't want to take the time to code it up right, which is a
shame, because you'd think that's exactly the sort of thing where they could
make a library that says "here's how you do it right" and everyone would be
happy.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
