Freigeben über


"LUA Bug" demo app

I do a lot of presentations on how to identify and fix "LUA bugs" in applications (*), both for Windows XP and Windows Vista.  I frequently use a little VB6 application to demonstrate writing to various portions of the file system and registry, write to .ini files in protected locations, restart services, explicitly check for admin rights, etc.  People have asked me to post that app to my blog so that they can use it too.  So here it is, including the VB6 project/source code.

As is, no support, hopefully it's self-explanatory! 

Chris Jackson has a more elaborate demo app with full lab script, geared toward application compatibility tools and techniques on Vista.  You can get it here.

(*)  "LUA" = "limited user account", a.k.a., "non-admin", "standard user"
"LUA bugs" = application or feature of an application that 1) works when run by a member of Administrators or Power Users; 2) fails when run by a standard user; and 3) has no valid business or technical reason for requiring administrative control over the computer.

LuaBugs_VB6.zip

Comments

  • Anonymous
    November 07, 2008
    Lua is a programming language. Can you stop saying Lua bug and say 'limited user account' bug instead please? [Aaron Margosis]  Sorry about that, but terms and acronyms get re-used all the time.  A Wikipedia search turns up multiple definitions for LUA, including the programming language you refer to as well as to the least privilege concept that I refer to.  And that doesn't even include Microsoft's LUA ("Logical Unit Application") programming interface exposed by Host Information Server.  We'll just all have to find a way to get along. :)

  • Anonymous
    November 07, 2008
    Thanks Aaraon, and also thanks for very good presentations here at TechEd! [Aaron Margosis]  Thank you!  I hope I can come back next year!

  • Anonymous
    November 06, 2009
    The comment has been removed

  • Anonymous
    November 06, 2009
    Let me add that the game/app writers have to take some heat for this as well by 'requiring' elevated privs to run.  I.E. Punkbuster, Steam etc, etc.... [Aaron Margosis]  Mike, are you trying to install the applications as a standard user?  Most applications need to be installed by an administrator.  Once it's installed, very few applications should require administrative rights and should be able to be used by a standard user without requiring an admin to enter a password. Log in as an administrator and install the games, then have your son log in.  If the app still demands admin rights, then there's probably something faulty in the app.