-
Notifications
You must be signed in to change notification settings - Fork 8.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sudo/command line only elevation? #146
Comments
So I know there have been a LOT of discussions about getting a "sudo for Windows" built. I'm not sure that we have any concrete plans in place, but I know it's something a lot of us want. I'm certainly not the person to be asking about this - perhaps @bitcrazed or @yodurr can comment more? |
Thanks for the quick response! If I had to guess I'd say this probably would go to either whoever deals with UAC/token management or dev mode, but I don't know of any other Windows team that's as community friendly and easily reachable, so I figured it's worth a shot starting a discussion. It's really conflicting, because I've seen so many scripts that just pop up the UAC dialog, and I could throw something together for myself that doesn't, but I can only fix the annoyance issue, not the "things being designed around the platform not supporting this" one. |
While we're not able to give you a firm timeline right now, I can echo @zadjii-msft's comment - we are sooooooooo keen for "Add sudo" to bubble up our priority list so we can get to work on it :) As with anything to do with security, we will be working with the Windows core security & management teams to make sure that we "do it right". |
Good to know it's on the list, that's about as much as I can ask for. Thanks! |
@parkovski - If that's all you can ask for, I fear for your imagination :D ;) |
Hey now. I can ask for chocolate and berries to be a healthy diet or for politicians to stop pitting people against each other, but realistically all I'm gonna get is command line elevation. |
Chocolate isn't healthy? Pfffft! |
This will likely depend on ConPTY or something, as it’s currently impossible to get the STDOUT, STDERR or STDIN of an elevated process from a non‑elevated process :( (I know as I tried to implement a |
We need a full sudo, not just a "run as admin in terminal". Sudo allows to run arbitrary commands as arbitrary users, following it's configuration. |
Not terminal related, but I have a pretty good PowerShell sudo that has been working well for me in Windows. Edit your profile:
Add the following function sudo {
Start-Process -Verb RunAs -FilePath "pwsh" -ArgumentList (@("-NoExit", "-Command") + $args)
} Then invoke in your shell. Supports cmdlets, executables, anything that could normally be typed into a PS prompt: PS > sudo Remove-Item .\test.txt # Remove a file
PS > sudo Copy-Item .\test.txt C:\ # Copy a file
PS > sudo net start w3svc # Start IIS If you want to pass in a variable or expression that will be evaluated at run time, rather than pre-evaluated, wrap it in braces. For example: PS > $myvar = "a"
PS > sudo echo $myvar # $myvar is pre-evaluated, so the command reads: sudo echo "a"
PS > sudo { $PSVersionTable } # with braces, $PSVersionTable is not evaluated until it is run as administrator Remove |
@vsalvino Thanks, but this still requires UAC which is a no-go for some use cases (ssh). Unfortunately the only real solution to this is going to require a pretty decent amount of work. |
Did you have something material to add? I would be glad to unlock it for further discussion. However: it definitely feels like we covered all possible opinions over there. 😄 |
I don't personally have the knowledge to contribute anything to the discussion, other than my desire to see the feature implemented. In fact I'm barely able to understand why this has been considered a lost cause. I'd have to read through it yet again but what I've taken away from it over the years is that Terminal has effectively considered the issue "wontfix" due to the design choice of chaining itself to the MS store installation mechanics. Maybe I'm off base, but the point is, it wouldn't matter if I or anyone else did have something to contribute because there's no way to do so, aside from spinning up new issues or spilling over into others as I've regrettably done here. If the issue is in fact dead then perhaps it should be closed. Either way, if there's not going to be any further discussion allowed, at the very least it would be appreciated to see a summary of the decision and reasoning in the final post, so that it's clear to everyone where the issue stands. To be clear I'm not necessarily saying we're owed this, or that shutting down the toxicity wasn't warranted. |
Yes, given that OS Windows since Windows 7 by default doesn't use strict UAC prompt policy, it's really strange that so much security concerns around Terminal being user-friendly with elevated admin. tabs (and by user, here's mostly advanced users, not average Windows user). I'm thinking on making some custom profiles with |
the moment anything uses UAC (which requires GUI in it's current form), it can't be used in command line only mode. thus we are back to square one. the only ways that've been proposed so far to implement "a true command line only elevation mechanism"/sudo are :
regardless of whatever paths the Windows team comes up with; End of the day, It's a must have feature for Devs. |
I don't think any elevation implementations that need to enter the password in the console meet the security requirement. POSIX's sudo implementation can be easily bypassed automatically via pipe without any explicit notice to users if some malicious implementations know the password. I don't think it can meet the security goal for the Windows team. I think the password authentication must be finished on a separate desktop from a separate session. We need to recall the reason that Microsoft introduced the secure desktop to show the UAC window for receiving the user credentials. (There are some historic lessons. Many malicious implementations are really good at emulating the user inputs.) Kenji Mouri |
Actually I don't mind secure prompts in separate desktop session in UAC-style. I do mind, that I can't continue my work in the same window or at least in the near tab. This feature is missing for me as advanced user/IT specialist. But on the same time, Windows by default allows elevations without prompts for "safe" apps for whole public, including all not so experienced users... |
Yes, that's why I said "in a secure manner". It was already mentioned by somebody at #146 (comment) It requires that the Windows team implements "UAC's Secure Desktop" like feature but for a completely command lineish way/without any GUI prompt. |
In my opinion, no way to achieve that. Even the terminal can do that, but other 3rd-party apps that utilize the console pipe can't. Unless we input the random credential token with a short time (for example 5 minutes at maximum) expiration instead of the password in the console, and get that token in the secure desktop. Kenji Mouri |
I think Windows can introduce something like two-factor authentication which using the time-based one-time password (TOTP; specified in RFC 6238) and HMAC-based one-time password (HOTP; specified in RFC 4226). It may prevent some malicious implementations from emulating the user inputs easily and users can use Microsoft Authenticator on their mobiles to know the one-time password. Kenji Mouri |
actually anything is possible, if you think it hard enough and own/have access to the Windows Security source code. Brand New APIs from the Windows team is required. |
It's not possible even have the Windows source code due to the design of pipe and console, and they need to keep the compatibility. Kenji Mouri |
If the thing is possible, they already implement it before, lol. Kenji Mouri |
Hey there! Since there are so many people subscribed to this thread (and I'm sorry to be notifying them again) I'm going to lock it for now. If you want to talk about the potential implementation details for a "sudo for Windows"-like project, feel free to head on over to the Discussions section. That way, we can keep this issue open for people who have subscribed for status updates. 😄 |
Closing as we're shipping Sudo for Windows in Windows 11 Insider Preview Build 26052 For more discussion, you'll probably want to head to https://github.com/microsoft/sudo |
@zadjii-msft Just one thing, can you say anything about the note in that announcement? What's the long term plan for server? To just have people diy patch it in? As an optional feature? With the next version bump? That's probably the only thing that is still relevant for this ticket here.
|
@agowa I filed microsoft/sudo#50 to track sudo on Server - I'd go engage on that thread if you have anything we can use as business justification |
I'm not sure this is the right place to ask about this, but I can't think of where the right place would be, so I'm just going to list my thoughts on this.
Anyways, these are just my thoughts that I wanted to get out there. Happy to hear about any plans/concerns/a better place to have this discussion.
The text was updated successfully, but these errors were encountered: