Re: BUG with RES/SCRIPT/XP-SP2
- From: ATS <ATS@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Feb 2007 06:10:01 -0800
I glad someone is reading this post. I wish a Microsoft rep would at the
least address how to get the "Mark as Web" to work for CDHtmlDialog. Or point
to samples of CDHtmlDialog overriding the Local Machine Zone Lockout without
me having to do it myself.
As for the notion that HKLM is protected. No, its not. Someone always has
GOD privileges over it. Cause if no one has such super ultra high security to
it. Then the OS would not work. You may deal with end users. I deal with
services, and we have to have 100% access to anything and everything. And
when we code such things, and deal with bugged applications that do not
return proper error messages, it is quite annoying. Especially when it is
changed and not made to be backwards compatible.
"Joseph M. Newcomer" wrote:
Which is why HKLM is protected. Most programs can't access it for modification. In my.
email machine, most of the Registry is locked down and inaccessible for modification. So
there is no reason to presume that the act of running an executable could allow you to
bypass security.
Note that in Vista, there is no administrator account, and most of HKLM is inaccessible
for modification by any program. So you couldn't issue those calls in any current or
future machine that was correctly administered, that is, where the user was not logged in
with administrator rights.
I just can't imagine why any script would be allowed to bypass security. Ever.
But I absolutely, fully agree with you that the messages are crap; they were designed in
an era when it was assumed that no program could ever fail to access whatever part of the
Registry it felt like, all the file system was fully read/write, etc. Since I have locked
down nearly all directories on my email machine except those required for email, browsing,
and downloads, it is amazing how many programs fail and with what meaningless error
messages. Sadly, most of these are written by Microsoft.
I think it is time they got a decent code coverage tool and made sure that all failure
paths issue error messages that make sense.
joe
On Wed, 31 Jan 2007 10:11:00 -0800, ATS <ATS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Joseph M. Newcomer,Joseph M. Newcomer [MVP]
When one has a compiled EXE running, they can pretty much do anything
already. Including getting to IInternetSecurityManager and
IInternetZoneManager, which will let one override the Local Machine Zone
Lockout. But even easier than that, one can use simple registry calls to
change the:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LocalMachine_Lockdown
And add your app to it to bypass the Local Machine Zone Lockout.
The BUG(s) I'm reporting are on 2 issues. One is that the CDHtmlDialog
should (by default) automatically bypass all security like it was launching
HTAs, so that it will be backwards compatible. After that, CDHtmlDialog could
then provide options to turn on security. The other issue is that the error
messages from IE and CDHtmlDialog do not indicate security as the cause for
why they will not run certain HTML.
Also, it appears that the "Mark as Web" is not working for CDHtmlDialog,
despite documentation.
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
- Follow-Ups:
- Re: BUG with RES/SCRIPT/XP-SP2
- From: Joseph M . Newcomer
- Re: BUG with RES/SCRIPT/XP-SP2
- References:
- Re: BUG with RES/SCRIPT/XP-SP2
- From: Joseph M . Newcomer
- Re: BUG with RES/SCRIPT/XP-SP2
- Prev by Date: Re: MFC, Threads, PostMessage, and Reentrant WindowProc
- Next by Date: Batch file and MFC (Properly Terminating Application)
- Previous by thread: Re: BUG with RES/SCRIPT/XP-SP2
- Next by thread: Re: BUG with RES/SCRIPT/XP-SP2
- Index(es):
Relevant Pages
|
