将 CurrentUser 的 ExecutionPolicy 设置为 Unrestricted 是否存在安全漏洞? [英] Is setting ExecutionPolicy to Unrestricted for CurrentUser a security breach?
问题描述
我有几个我喜欢在 Windows 10 上的 PowerShell 中使用的别名.
I have a couple of aliases I like to have in my PowerShell on my Windows 10.
我希望它们在会话之间保持不变,因此我将它们放在 C:Users{username}DocumentsWindowsPowerShell 下的 profile.ps1 文件中.
I want them to persist between sessions, so I have put them in a profile.ps1 file under C:Users{username}DocumentsWindowsPowerShell.
我收到这个烦人的无法加载,因为在这个系统上禁用了正在运行的脚本".错误消息,并找到了有关如何摆脱它的页面:https://social.technet.microsoft.com/Forums/en-US/3e4a9006-d47d-4e19-96f4-10327ae0c5b1/not-able-to-run-script-in-windows-10?forum=winserverpowershell
I am getting this annoying "cannot be loaded because running scripts is disabled on this system." error message, and have found this page on how to get rid of it: https://social.technet.microsoft.com/Forums/en-US/3e4a9006-d47d-4e19-96f4-10327ae0c5b1/not-able-to-run-script-in-windows-10?forum=winserverpowershell
这里有人说这条线会有所帮助:
In here someone says that this line will help:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force -Verbose
但是将执行策略设置为对我的用户无限制有危险吗?
But is it hazardous to just set the execution policy to unrestricted for my user?
推荐答案
ExecutionPolicy
不是安全边界.正如有人在评论中的其他地方所说,这是一项安全功能.想想安全带不是门锁.但是安全带可以降低风险,因此使用它们总比不使用要好.ExecutionPolicy
降低了无意中运行恶意代码的风险.一般推荐的最低策略是RemoteSigned
.
ExecutionPolicy
is not a security boundary. As someone opined elsewhere in a comment, it is a safety feature. Think seat belt not door lock. But seat belts mitigate risk so it's better to use them than not. ExecutionPolicy
mitigates the risk of unintentionally running malicious code. The generally recommended minimum policy is RemoteSigned
.
这篇关于将 CurrentUser 的 ExecutionPolicy 设置为 Unrestricted 是否存在安全漏洞?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!