diff --git a/readme.rst b/readme.rst index 69b72e6..116831d 100644 --- a/readme.rst +++ b/readme.rst @@ -125,7 +125,7 @@ and to dig deeper if you are interested. If you are an experienced Linux user, this document is a test of the theory that the fastest way to get feedback -is to be publically wrong about something people care about. +is to be publicly wrong about something people care about. Corrections and additions are welcome. If you are a Windows user: @@ -428,7 +428,7 @@ wanted to reserve the remaining space for control characters. --- Ibid, p.232 -Though the comittee first formed in 1961, +Though the committee first formed in 1961, it wasn't until late 1963 that they finally agreed to include a lowercase alphabet, largely because of the influence of the 
@@ -1556,6 +1556,31 @@ since applications do not lock files by default. .. TODO: CR LF \r\n newlines? +----------------------------------------- +Lack of granular execution access control +----------------------------------------- + +Windows does not have a similar concept to `sudo`_/`doas`_/`please`_ +(`sudo`, but with regex). Users cannot run arbitrary commands as a given +user without knowledge of the alternate user's password (see +`runas`). + +This creates difficulty for large multi-user systems when assigning +roles without administrator access. Performing tasks that need to step +outside of low privilege is not a simple matter without divulging the +alternative user's credentials. + +Unix systems support the SUID execute bit (normally mode 4755) on a +binary which, when executed switches process ownership to the file +owner, not the user that executed it. This is sorely lacking in +Windows and would change the access landscape if it were implemented, +many organisations could then solve many issues where users execute +programs as a privileged user when they wouldn't otherwise need to. + +.. _sudo: https://www.sudo.ws/ +.. _doas: https://man.openbsd.org/doas +.. _please: https://gitlab.com/edneville/please + ----------------------------------------- Lack of control over desktop environment. ----------------------------------------- @@ -2525,7 +2550,7 @@ which have the same `issues with signal-to-noise ratio`_ that most forums have. By contrast, projects like the Linux kernel and the Debian project maintain accountability and clarity -by publically tracking and acknowledging bugs, +by publicly tracking and acknowledging bugs, even when it is embarrassing to do so [#brown_paper_bag_release]_ [#runs_rm_r_as_root]_. 
@@ -2619,7 +2644,7 @@ they will report bugs caused by the actual applications, not ones caused by malware. Most Linux distributions use cryptographically secure package managers -which is a signifiantly better security model +which is a significantly better security model than downloading unsigned executables over a network and then granting them administrative privileges.
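Review bot: In the @@ -1556,6 +1556,31 @@ hunk, the inline markup of the new section is inconsistent: `sudo` in "(`sudo`, but with regex)" and `runas` in "(see `runas`)" use single backticks with no trailing underscore, which reStructuredText reads as interpreted text in the default role, not as a literal or a link. Use double backticks for the literals, or add a `.. _runas:` target next to the three added for sudo, doas and please and write `runas`_. In the SUID paragraph, "normally mode 4755" conflates the setuid bit (4000) with one common full mode (setuid plus rwxr-xr-x), and "switches process ownership to the file owner" would be more precise as the process running with the file owner's effective user ID. The same paragraph needs a comma after "when executed", and "if it were implemented, many organisations could then solve" is a comma splice that reads better as two sentences.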