[13578] in bugtraq
Re: Windows 2000 Run As... Feature
daemon@ATHENA.MIT.EDU (Steve Wolfe)
Thu Jan 27 00:38:21 2000
Message-Id: <005d01bf6838$6580cb60$85755ad1@iboats.com>
Date: Wed, 26 Jan 2000 13:03:21 -0700
Reply-To: Steve Wolfe <steve@IBOATS.COM>
From: Steve Wolfe <steve@IBOATS.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> NOT TRUE... In every version of Windows I've used (up to Win2k RC2)
> the start->run command will run any executable in your %path%.
Not to mention that it will look in the "Current Working Directory"
*before* searching the path, the same principle as having a "./" as the
first thing in your search path in Unix.... odd that most everyone in the
world would recognize that as a very bad thing except for Microsoft. It's
even more dangerous in the GUI environment where people are (a) more likely
to forget the concept of a current working directory, and (b) there's
nothing to tell you what the CWD is, short of opening a command prompt -
and then, depending on how it's opened, it still may not show you.
steve
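
The Unix side of the comparison above, as an added example that is not part of the original message: a POSIX shell function that reports every search-path entry that resolves against the current working directory (`.`, a zero-length entry, or any relative directory). The function name `audit_path` and the sample path are constructed for illustration; the check covers a Unix `PATH` string only, not the Windows Start->Run lookup.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per entry that depends on the current working directory.
# Returns 1 if any such entry was found, 0 if every entry is absolute.
audit_path() {
    rest=$1
    pos=0
    bad=0
    while :; do
        pos=$((pos + 1))
        # Peel off the next colon-separated entry; leading, trailing and
        # doubled colons all yield zero-length entries, which are kept.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            "")   echo "$pos: empty entry (means the current directory)"; bad=1 ;;
            .|./) echo "$pos: '$entry' is the current directory"; bad=1 ;;
            /*)   ;;  # absolute: does not depend on the CWD
            *)    echo "$pos: '$entry' is relative to the current directory"; bad=1 ;;
        esac
        [ "$more" -eq 1 ] || break
    done
    return "$bad"
}

# Constructed sample: "." first, a doubled colon, a relative directory
# and a trailing colon.
SAMPLE_PATH=".:/usr/local/bin:/usr/bin::bin:/bin:"
audit_path "$SAMPLE_PATH" || echo "search path depends on the current directory"
```

To check a live session, call `audit_path "$PATH"`.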