Stefan Eissing on Nostr: With my limited understanding of Windows, it seems that the recent "admin process ...
With my limited understanding of Windows, it seems that the recent "admin process deletes a file" privilege escalations are just happening because MS implemented a weird symlink/rollback logic used for MSI like things.
This breaks what DeleteFile() normally does, e.g. only removing the link. This seems a really broken design.
Would love to hear from someone more knowledgeable if I understood this correctly.
Published at 2025-01-16 14:22:02
Event JSON
{
"id": "830005688fbfeb6c009dd34d225e99518e83cc6bfcc663c8ca901b365b972b0c",
"pubkey": "f173ca7ed8f3adf61d35abb4915401c1d01b59463e62ab7afdac428612559580",
"created_at": 1737037322,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/users/icing/statuses/113838477971204235",
"activitypub"
]
],
"content": "With my limited understanding of Windows, it seems that the recent \"admin process deletes a file\" privilege escalations are just happening because MS implemented a weird symlink/rollback logic used for MSI like things. \n\nThis breaks what DeleteFile() normally does, e.g. only removing the link. This seems a really broken design.\n\nWould love to hear from someone more knowledgable if I understood this correctly.",
"sig": "f9cd78a99ee5910a05b2380cf555b9b545b3fab45879b5bf4ce41c589cd2ab2f62f98687d8ce1722eaa0d254cbda70e008bd3bf832bd9c3761f9584272aae4af"
}