Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Security: It's possible to debug elevated (UAC Win32 perms) WSL processes from non elevated ones. #626
referenced this issue
Jul 4, 2016
@zhykzhykzhyk you're right, I did not think about that. There are probably many way to use an elevated bash to perform uac bypass, and the only sane way to close all the hole seems to be more mapping between Wsl and regular Win security. However simply mapping root to admin is problematic because of the usage model: non-admin users would not be able to administer their wsl instance.
So I guess running bash as elevated should always be considering as a risk of allowing UAC bypass, and the users should be at least warned about that.