The Principal of Least Privilege is the concept of running with the lowest permission set possible. Historically we developers tend to run on accounts that have Administrator level privileges. It's been talked about over and over that we shouldn't so I'm not going to get into that here. We know that we should, but we're either to lazy or not able to accomplish this feat.
I just got a new laptop and I was setting it up last week when I ran into some interesting things. I'm running Vista with least privileges and I didn't even notice or care. Then I tried to install a couple of developer tools into the Program Files folder and run them. Sure I got the now infamous prompt "Are you sure?" that Vista is known for, but that wasn't the problem. I actually didn't mind it since I was xcopy-ing files into a semi-system folder. I don't want that to happen without me knowing.
Instead the thing that really got me worked up happened when I went to run them. Both applications failed to run successfully for roughly the same reason: trying to write to the application's installation directory. When I looked into the error logs, both application were trying to save user configuration files (like settings and most recent files) to their directories.
Why? Haven't we as developers gotten past this back, oh, when we were working in VB6 (or whatever you worked in at that time)?
It was so bad that one application had to be killed from Task Manager to get out of it. You couldn't shut it down in any other way. To the folks who wrote these apps (and got sternly worded defects logged by me), I can't believe that you'd do this. Especially with the reason (yes this is what I was told by one) that "...we didn't want to spread files related to the application all over the file system..." Anyways, Least Privilege is tough to accomplish. I don't need to be hindered by the tools that I'm using on top of everything else.
posted @ Monday, April 07, 2008 9:29 PM