Steamをインストール
ログイン
|
言語
简体中文(簡体字中国語)
繁體中文(繁体字中国語)
한국어 (韓国語)
ไทย (タイ語)
български (ブルガリア語)
Čeština(チェコ語)
Dansk (デンマーク語)
Deutsch (ドイツ語)
English (英語)
Español - España (スペイン語 - スペイン)
Español - Latinoamérica (スペイン語 - ラテンアメリカ)
Ελληνικά (ギリシャ語)
Français (フランス語)
Italiano (イタリア語)
Bahasa Indonesia(インドネシア語)
Magyar(ハンガリー語)
Nederlands (オランダ語)
Norsk (ノルウェー語)
Polski (ポーランド語)
Português(ポルトガル語-ポルトガル)
Português - Brasil (ポルトガル語 - ブラジル)
Română(ルーマニア語)
Русский (ロシア語)
Suomi (フィンランド語)
Svenska (スウェーデン語)
Türkçe (トルコ語)
Tiếng Việt (ベトナム語)
Українська (ウクライナ語)
翻訳の問題を報告
If set up correctly there are NORMAL users, ADMINS and the COMPUTER
normal users are called "users"
Admins are "administrators"
the computer is "System"
In a correctly set computer (eg one in a big enterprise) most people only ever get user rights. theres possibly 10 or so people in a fleet of 50,000 devices that would have administrator rights.
System is reserved for jsut the computer.
(there is finer control beyond that).
Now what that means is taht anything that is run by a user is run as a "user" account, which should allow them to run all their applications, their vr games and get to the magical land of the interwebs.
Anything that can possibly screw things up (install of new software, drivers, allow a virus or trojan or some attack to comprimise the system) needs an Administrator or System.
The thing with steam is, to avoid all those annoying UAC "are you an admin" prompt they've gone and dropped the security for secure part of the systems, allowing USERS to breach that wall and run stuff as system. More importantly, you goto a webpage, get some safe app or word document on your pc, and run it and then it takes over your PC as an entry way.
A few things to keep in mind are:
Most home PCs are setup crap. One user account (or maybe a couple) who all have admin rights
A way to test this is to do:
Start -> Run -> cmd (right click, run as administrator)
It SHOULD popup a UAC prompt (if it does not, it fails badly)
It should ALSO ask you for a password and user name, if it does not. fail
For healthy devices (which should include all large businesses) the permission issue where you can create a symbolic link or replace files is bad. It can be locked down and there is software that monitors dodgy behaviour as well out there (Microsoft ATP, FireEye, McAffee ATP, CrowdStrike, Sophos UTM) which will stop/shut these attacks down, but generally the root cause should be fixed.
As for what a symbolic link is, it's basically like a shortcut, except the system will generally see it as a real file.
Or a portal, or like a rebadged car. You look at file or regkey that says "Chevrolet SS or Pontiac G8" but secretly, it's pointing at "friendly Holden family car" underneath.
There are work arounds by reconfiguring the service and just changing the permissinos manually on the folders, but Valve appears to be doing that so it'll probably get fixed soon. hopefully before I get back to work tomorrow.
As Veldrik very eloquently said, this all is more or less a moot point because most people use the default user on their Windows installs and this one already has admin privileges and many people do install Steam in the default "C:\Program Files (x86)\Steam" location, which is per default a protected folder and problematic for games which most of them expect their own application folder be writable. This is also the reason why Valve made these permission changes.
Therefore it is a bit silly to cry Sodom and Gomorrah if the logged in user mostly already has administrative privileges in most cases.
This all wouldn't be an issue if Microsoft would make the normal user account a standard user and - for good measure - crank up the UAC up to the max. The latter was originally so, but many people saw that as an insult whenever this came up....
so, somebody lies to us again?)
{リンクが削除されました}https://habr.com/ru/company/pm/blog/462479/
You know, this is really a moot point to fix, if you are already have admin privileges on your account which I guess about 90% of the Windows users are because they did not care to make a proper user account for themselves.
Thats correct. You can always symlink something aslong as a) the target/source exist and b) you have permissions.
The steam bug is driven by permissions, and those permissions are currently incorrect. Until they change the hklm path Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam to have user set to read Read=Allow;Full Control=Deny, the symlink will exist.
The other vulnerability (similar problem, different CVE) is that Steam folder also has incorrect permissions (default: C:\Program Files (x86)\Steam)
Regarding shakeyourbunny"'s comment, his comment is spot on (in that it makes the bug irrelevant to most people as they are already in a worse state):
"This all wouldn't be an issue if Microsoft would make the normal user account a standard user and - for good measure - crank up the UAC up to the max. The latter was originally so, but many people saw that as an insult whenever this came up...."
The vulnerability really only exists for people who have "secure" devices.
They could just make new installs default per user (license of games is per user account anyways) and put it in %appdata% and HKCU.
Main downsides of this scenario with the current state of the steam client:
- all downloaded games must be redownloaded for every user on the system. This may fill up the hard drive quickly.
- only one user can launch Steam, because the configuration of the client (and the application files including service executables) are pointing in the user's home directory.
If you wanna support multiple users with the steam client, you will have to get rid of the Steam Service.