by hedora 1440 days ago
I suspect you are conflating security regulations for Unix users with regulations targeting users of the system.

Why would a regulatory framework care if a Linux box running one process was vulnerable to attacks that involve switching UIDs?

Conversely, why would that same regulatory framework not care if users of that network service were able to impersonate each other / access each others' data?

1 comment

Most of the controls are about auditability and data access.

But the control frameworks are silly sometimes. Then add in that they’re enforced by 3rd party auditor consultants looking for any reason to drag it out.

And yeah, I tried to get this past them for an old singleton system to avoid having to buy a bigger non-standard server.