Today’s Slashdot article references a program built by NeoSmart called iReboot. NeoSmart says they have managed to work around Windows Vista’s UAC. Their method is to install a system service (a daemon, in Unix terms) that starts at boot with full privileges, and then have an ordinary user-level program talk to it over standard interprocess communication. Yet somehow they present this as a security flaw in Vista.
Linux can do pretty much the same thing, yet nobody points at it and calls it insecure. A modern Linux desktop already runs an elevated daemon, HAL, that lets regular users do things only root used to be able to do. Previously the only way to reboot was to be root, who has the privilege to run /sbin/halt or /sbin/reboot (the underlying reboot(2) system call requires CAP_SYS_BOOT, which an ordinary user does not have). Now the desktop sends a message over D-Bus to HAL, which reboots on the user’s behalf, either by running the same command or by making the system call itself.
The main difference between the two ways of rebooting into a different operating system is that D-Bus was designed to be secure from the start. D-Bus identifies the process on the other end of the socket by its POSIX user and group, credentials supplied by the kernel rather than by the client, and the system bus policy (the configuration files under /etc/dbus-1/system.d/) denies everything by default, so only the users or groups the administrator names can call a given interface. D-Bus was of course meant to be a generic interprocess communication system, easier to use and far more capable than a homemade, probably platform-dependent scheme built on Unix sockets or signals. iReboot uses the same principle, an elevated daemon doing work for an unprivileged client, but without D-Bus’s access check. The argument is that it doesn’t need one on a one- or two-user desktop. Whether that holds depends entirely on what the daemon will do when asked: a reboot endpoint reachable by any local process is a nuisance, and anything beyond that is a path from an ordinary user to the elevated service, which is exactly the boundary UAC exists to enforce.
As Raymond Chen says in his “When people ask for security holes as features” series, some people are just stupid. They don’t understand what security is for and why it is complicated. They ask for silly things like having the system hand over the user’s password, blissfully unaware of what that would imply. At the end of NeoSmart’s release post, the writer says that UAC’s separation of privileges just “gets in the way” of programmers who want to do simple things. Let’s face it, Unix-based operating systems have lived with this ‘flaw’ for years. Through ConsoleKit, which tracks which sessions are local and active, D-Bus bus policy, and more recently PolicyKit for per-action authorization, granting permissions in a fine-grained way has become easier. The administrator simply specifies which users can do what. No UAC dialogs, no root password prompt (unless the administrator wants one).
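As an added example (not iReboot’s, HAL’s or D-Bus’s own code), here is the principle from the previous two paragraphs in a few dozen lines of Python: a privileged “reboot broker” listening on a Unix-domain socket that decides, from the caller’s kernel-reported uid and gid checked against a deny-by-default policy table, whether to honour a request. The action name, the group name `power`, the socket path and the one-word reply format are assumptions made for this example; the kernel-supplied peer credentials (`SO_PEERCRED`) are Linux-specific, and the broker only reports what it would do instead of calling reboot(2).

```python
# Added example: a privileged broker that checks *who* is asking, the way the
# D-Bus system bus policy does. Names, group "power" and the wire format are
# assumptions for this example; nothing here calls reboot(2).
import grp, os, pwd, socket, struct, tempfile, threading

HAVE_PEERCRED = hasattr(socket, "SO_PEERCRED")  # Linux-only socket option
MY_UID = os.getuid()

# action -> who may request it; unknown actions are refused (deny by default)
POLICY = {"reboot": {"uids": {0}, "groups": {"power"}}}

def system_group_names(uid, gid):
    """Primary and supplementary group names of uid/gid from the account database."""
    names = set()
    try:
        names.add(grp.getgrgid(gid).gr_name)
        user = pwd.getpwuid(uid).pw_name
        for g in os.getgrouplist(user, gid):
            names.add(grp.getgrgid(g).gr_name)
    except KeyError:  # unknown uid/gid: decide with what we have
        pass
    return names

def authorize(action, uid, gid, policy=POLICY, membership=None):
    """Pure policy decision -> (allowed, reason). `membership` overrides the
    system group lookup, which keeps the decision testable."""
    rule = policy.get(action)
    if rule is None:
        return False, "unknown action %r" % action
    if uid in rule["uids"]:
        return True, "uid %d allowed" % uid
    groups = membership if membership is not None else system_group_names(uid, gid)
    hit = rule["groups"] & set(groups)
    if hit:
        return True, "group %s allowed" % sorted(hit)[0]
    return False, "uid %d not permitted to %s" % (uid, action)

def parse_request(data):
    """One bare action name per request; anything else is rejected before policy."""
    text = data.decode("ascii", "replace").strip()
    return text if text.isidentifier() else None

def peer_credentials(conn):
    """(pid, uid, gid) of the peer as reported by the kernel; a client cannot forge these."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def handle(conn, policy):
    action = parse_request(conn.recv(64))
    if action is None:
        conn.sendall(b"DENIED malformed request\n")
        return
    _pid, uid, gid = peer_credentials(conn)  # the step an unchecked daemon skips
    ok, why = authorize(action, uid, gid, policy)
    conn.sendall((b"OK " if ok else b"DENIED ") + why.encode() + b"\n")

def start_broker(path, policy):
    """Listen on `path` (world-connectable: the policy, not the socket mode, decides)
    and serve one request on a background thread."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o666)
    srv.listen(1)
    srv.settimeout(5)
    def run():
        try:
            conn, _ = srv.accept()
            with conn:
                handle(conn, policy)
        finally:
            srv.close()
    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t

def request(path, action):
    """Unprivileged client: send one action name, return the verdict word."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        c.connect(path)
        c.sendall(action.encode() + b"\n")
        return c.recv(256).decode().strip().split(" ", 1)[0]

def exchange(action, policy=POLICY):
    """Broker and client over a temporary socket; returns "OK" or "DENIED"."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "broker.sock")
    t = start_broker(path, policy)
    try:
        return request(path, action)
    finally:
        t.join(5)
        os.unlink(path)
        os.rmdir(d)

if __name__ == "__main__":
    # Verdict depends on whether you are root or a member of group "power".
    print("reboot as uid %d:" % MY_UID, exchange("reboot"))
```

The socket file is deliberately world-connectable, just as the D-Bus system bus socket is: the security of the scheme rests on the daemon asking the kernel who connected and looking that identity up in the policy, not on hiding the endpoint. Drop the `peer_credentials` call and you have the other design, a privileged service that does whatever any local process tells it to.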
If NeoSmart thinks this is a problem, they should take a careful look at any programming language. Just because it has a function to delete a file, should the language remove that function because it could easily be abused?