- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Shipped in Windows 11 Insider Preview Build 26052. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html claims it has a big security problem that makes the program accept calls to elevate from anywhere once first run
Edit:
- The security problem has been internally fixed and will be available in the next release
- It’s not just an alias for ‘runas’. It seems to be able to configurably block user input for sudo’d commands, retain the existing environment, ditch it and open a new window, and remember that you’ve sudo’d in the last minute or so.
- It brings up UAC instead of having you input the password
This incident will be reported.
To our advertisers
“Would you like to buy some sudocrem?”
sudo rm -r -f windows
sudo rm -fr -fr windows
remove for real, for real
Wouldn’t work on powershell in which the options parser works very differently
In powershell you’d have to do -fo because there’s —filter
sudo stop redirect capturing my back button
I fucking LOATHE their same page redirect every time I mistakenly click on a MS answers page
It’s even worse because if you’ve found your way to MS answers you’re clearly desperate because nothing came up on a real site. So you’re already in a bad mood and then - BLAM - redirect!
And then the answer is posted twice in a row from the the same expert and reads: “thank you for contacting Microsoft Answers. We are closing this thread as it’s reached the maximum age of -21479632”.
I hate how every recommended answer is some copy paste guide on how to reset the PC. If that is your go to fix for everything you’re a garbage technician.
Thankfully you can right click the “back” button and it’ll give you a list of couple of last sites and you can just so it from there. It is still annoying though.
I’ve added ms answers to my ublock filter. The site is worthless.
Sudo already exists, is it okay to just name a different program by the same name?
Guess which one Bing search will try harder to return.
I hate searching for sway config stuff using DDG (which returns Bing results).
Chances are never zero that that there is an outdated MS product with the same name of what you’re searching.
I feel this, I type swaywm instead now
Hold up. DDG returns Bing results? TIL. Is that true? How do we know? Do they state this, themselves?
https://duckduckgo.com/duckduckgo-help-pages/results/sources/
Most of our search result pages feature one or more Instant Answers. To deliver Instant Answers on specific topics, DuckDuckGo leverages many sources, including specialized sources like Sportradar and crowd-sourced sites like Wikipedia. We also maintain our own crawler (DuckDuckBot) and many indexes to support our results. Of course, we have more traditional links and images in our search results too, which we largely source from Bing. Our focus is synthesizing all these sources to create a superior search experience.
Wow okay. It’s not their only source, which I came to believe. That’s good, then. Thank you for the link and quote!
They are already doing it for other commands. Eg curl.
Welcome to 1980, Microsoft (or 1993 if you’re feeling really generous).
Finally! The day I’ve been waiting for so long. Goodbye Linux, hello Windows!
- nobody ever
In your mind, do you really think that is the intention here? Seems more like a convenience for people who use both Linux and Windows.
I have to use both so I welcome it.
Seriously. My home PC runs Linux primarily, but I sysadmin both Windows and Linux at work and this will be very convenient. Forgetting to run PowerShell as admin is always frustrating, especially when I have the commands and variables already established.
Install Linux already, get it over with. Windows has been and still is a sad joke, why pay for that crap?
Sure, tell my corporate overlords to do that, on thousands of computers across the globe.
At home i can do what I want, at work I have to bow down.
Because business uses Windows services, which are, by far, the most common. And when collaborating and sharing files is essential this is a major deal breaker. I love *nix but it just wouldn’t work as well in the business world until there are wide spread services that replicate or do better than what Microsoft does with enterprise support and pricing in mind.
People pay for windows?
You can get a legit Windows 11 key for like 5 bucks, no reason not to install it honestly. Even if only for dual booting, it can save you a lot of headaches.
Psst… massgrave.dev
A product key, which allows you to use Windows to its fullest, costs money to Microsoft.
That’s a myth that people need to stop spreading.
Microsoft is a business. Microsoft is also not stupid. If it cost them more to provide a product than it makes them, they wouldn’t provide it. They’re is a huge amount of examples of them doing this. They don’t provide it because they’re nicer guys.
Microsoft uses Windows, and all of it’s products, as a vehicle for Azure and advertisers. Everything they do feeds into that one way or another.
Microsoft stopped being a software company some time ago.
Sorry, I meant it costs money, which goes to Microsoft. It was poorly worded.
That makes sense. 👍
Most people here pirate it or get the price bundled with their manufacturer. It’s surprisingly easy
Ok, so yea just a “better” version of runas. I can see it being a bit easier when you just need to do the one thing as admin, but overall just opening an admin windows is still going to be the best way.
I really think the security issues makes it not worth enabling.
Yep. It’s basically an alias for:
runas /user:administrator
If you want to open a new command line window with admin privs you can always do:
runas /user: administrator CMD.exe
Which is of course on Linux this would kinda be like running:
sudo su
It’s not just an alias. It seems to be able to configurably block user input for sudo’d commands, retain the existing environment, ditch it and open a new window, and remember that you’ve sudo’d in the last minute or so.
Nice.
and i’m thinking about switching to doas.
Its much lighter, sudo goes outside of its intended purpose
Would love to use a smaller, single-user multi-account, version of sudo. If (on Debian based) doas can remember I entered the password a command ago in the same bash terminal, and had more adoption/eyes on it, then I’d use it.
Honest question: what am I missing out on with sudo?
looks like shit thanks
oh thank goodness! I have been waiting so long for this
Why wait? Linux has had sudo for over 25 years
And sudo itself has existed for over 40 years
sometimes I work on windows. I miss sudo when I do 🤷♂️
Soooo revolutionary and unique like Phone Link
What is sudo?
“Substitute user do”, most commonly used on Linux to run your command as superuser (think admin mode on Windows)
That still sounds so weird, as opposed to the old “super user do”.
Ah, I understand, thanks
Did they ask for permission first? :p
sudo winget install sudo
Tell me it has a better configuration format than sudo.
(I’ve ditched sudo for OpenBSD ‘doas’ across the board ever since it made its way into debian’s repos)
Also switched to doas on Arch. Works great.
I wonder if “
please
” is nice too, but it’s such a long word to type.pls
better configuration format
Well, there’s only three choices to choose from and set through a command, soooo…