Windows su or sudo?

Garrett followed up on my recent post about creating a root shell by pointing to Aaron Margosis' post with a “MakeMeAdmin.cmd” batch file. My one-liner solution created a shell as an admin user. Aaron's is more extensive and adds the current user temporarily to the administrators group (requiring the admin password), then requires the current logged-in user to log in again for the shell session.

I'm not sure of the security implications of each, or whether one is better than the other. In a sense, my script is similar to “su”, where the shell is in the context of another administrator, whereas Aaron's is closer to “sudo” in the sense that the current user can temporarily execute superuser commands. It sure would be nice if the script could go one step further and persist a list of users with sudo capabilities, so you only had to do one login. In either case, it seems that the security context doesn't “leak” outside of the shell in which it is executed.
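The two approaches compared above, side by side, as an added sketch. This is neither the one-liner from the earlier post nor Aaron Margosis' MakeMeAdmin.cmd. The `ADMIN` account name is a placeholder, and the sketch assumes the current account name has no spaces and that UAC token filtering is not in effect.

```bat
@echo off
rem Added illustration; not the original one-liner and not MakeMeAdmin.cmd.
rem Assumptions: ADMIN names a local administrator account (placeholder),
rem the current account name contains no spaces, and UAC token filtering
rem is not in effect.
setlocal
set "ADMIN=%COMPUTERNAME%\Administrator"
set "ME=%USERDOMAIN%\%USERNAME%"

if /i "%~1"=="su"   goto su
if /i "%~1"=="sudo" goto sudo
echo Usage: %~nx0 su ^| sudo
exit /b 1

:su
rem "su" style: one prompt (the admin password). The new shell runs as
rem %ADMIN%, so its profile, HKCU and file ownership are the admin's.
runas /user:%ADMIN% cmd.exe
exit /b %ERRORLEVEL%

:sudo
rem "sudo" style: two prompts. The outer runas (admin password) starts a
rem helper that adds %ME% to Administrators, starts a shell as %ME% (the
rem user's own password; this fresh logon builds a token that includes the
rem new group), then removes the membership again. The removal is chained
rem with a single "&" so it runs even when the inner logon fails.
runas /user:%ADMIN% "cmd.exe /c net localgroup Administrators %ME% /add && runas /user:%ME% cmd.exe & net localgroup Administrators %ME% /delete"
exit /b %ERRORLEVEL%
```

Group membership is read when a logon token is built, so running `whoami /groups` in the new shell lists BUILTIN\Administrators (S-1-5-32-544) while the original desktop session's token is unchanged. In the "sudo" case the shell keeps that group until it is closed, even though the account has already been removed from the group.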


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.