I've noticed that Google takes advantage that permissions on the
%userprofile% include Execute is enabled. That is, users can save
executables under their profile folders and execute them from there.
Google "installs" (copies) their files for Google Chrome and Google
Earth into the user's profile folders knowing that the Execute
permission is enabled there. That way, they can get users to install
their software without concern regarding the limited privileges for a
standard Windows account.
Should users be executing programs from their %userprofile% path? Seems
the files there are supposed to be data files (documents, config files,
favorites/bookmarks, history info, log files, and so on). A normal
install would run into a privileges lockout for a limited user account
(LUA) to prevent the standard user from installing programs and
affecting - and afflicting - the desired software configuration of the
host. Of course, a program could copy its files elsewhere, like
C:\gotthaveprogram, but it seems they really shouldn't be under
%userprofile% and should, by default, be under %programfiles%.
One of the reasons that I ask this is after looking at some sandboxing
programs. Some require the user to overtly migrate files out of the
sandbox even if they were saved into a virtual (redirected)
%userprofile% folder; i.e., they don't get out unless the user takes
deliberate action to bring them out. Yet some allow files to get saved
into the real %userprofile% path (i.e., not sandboxed, redirected, or
otherwise protected). I suspect they believe that just data files are
going there but that's not true because of the Execute permissions is
enabled there so programs can run from there. However, just as a
general rule, it seems that program files should not be able to run from
the %userprofile% path regardless of sandboxing or not.
Removing the Execute permission from each user profile under
"C:\Documents and Settings" (for Windows XP) and replacing the
permissions down on the child objects would eliminate Google and others
from trying to use the %userprofile% as a means of corrupting the
purpose of this profile path. Alas, I'd have to remember to remove the
Execute permission from each user profile, like when a new account is
created, since you don't want to propagate the permissions from
"C:\Documents and Settings" itself onto the subfolders used for the
profile paths.
|
Similar Threads
