Why doesn't the RunAs program accept a password on the command line?

jernstrom.org » CPAU (Create Process As User)

jernstrom.org » CPAU (Create Process As User) — Fri, 02 Jan 2009 21:18:33 GMT

PingBack from http://jernstrom.org/site/2006/01/cpau-create-process-as-user/

People get hacked, not machines « Blogs are like opinions. Everybody has one…

People get hacked, not machines « Blogs are like opinions. Everybody has one… — Fri, 04 May 2007 11:23:24 GMT

PingBack from http://adamo.wordpress.com/2007/05/04/people-get-hacked-not-machines/

Avviare il Pannello di Controllo tramite runas

Alex's Weblog — Sun, 30 Apr 2006 01:23:08 GMT

re: Why doesn't the RunAs program accept a password on the command line?

Michael Puff — Tue, 14 Dec 2004 21:15:00 GMT

Thank you for your hint. I just found "SetConsoleMode", "ReadConsole" and "WriteConsole".

re: Why doesn't the RunAs program accept a password on the command line?

Raymond Chen — Tue, 14 Dec 2004 05:48:00 GMT

I leave that as a (simple) exercise. Look through the console functions.

re: Why doesn't the RunAs program accept a password on the command line?

Michael Puff — Tue, 14 Dec 2004 05:36:00 GMT

May I bring back your attention to my question once again?
"By the way, how is the keyboard input surpressed while typing the password?"

re: Why doesn't the RunAs program accept a password on the command line?

Raymond Chen — Tue, 07 Dec 2004 23:03:00 GMT

I already gave a link to EPAL in the article.

re: Why doesn't the RunAs program accept a password on the command line?

Kimmo — Tue, 07 Dec 2004 22:43:00 GMT

Thanks Raymond,

I appreciate your comment about the security issues of using an application that uses CreateProcessAsUser. In my, and I guess, others as well, circumstances this is the best we can do to be able to run processes with elevated privilgeges. Do you have some other alternatives that would be sufficent secure?

Kind regards //
Kimmo

re: Why doesn't the RunAs program accept a password on the command line?

1 Litre — Mon, 06 Dec 2004 10:33:00 GMT

Raymond:

On my home PC, I'll take that tradeoff - I need an account where the kids can play Age of Mythology without being able to run all over the hard disc. Most of the utilities mentioned on this thread are "good enough" for what I'm doing, on a firewalled machine that doesn't use IE/OE.

(Though IMO the fault lies with the application here - for a game (and an MS-badged game, at that) to require Administrator rights is completely nuts. As long as stuff like that exists, home users won't use limited-access accounts).

re: Why doesn't the RunAs program accept a password on the command line?

Raymond Chen — Sun, 05 Dec 2004 18:29:00 GMT

It doesn't matter how much you encrypt the password. It gets passed in cleartext to CreateProcessAsUser - that's where the hacker attacks. Once there, you have the password after it has been decrypted. Good-bye security.