|
|
|
|
|
|
by kitsunesoba
1187 days ago
|
|
|
Of course, but that just means that said daemons need to be reworked to not have access to everything either. This is why there's a push to do as much as feasibly possible in userland in both macOS and Linux, so even when a bad actor tries to route through system components the blast radius is limited. Realistically, they should be sandboxed too — an audio daemon for instance has no business directly accessing storage or network facilities for example. |
|
|