by hedora 1039 days ago
Fine-grained permissions systems like selinux end up introducing bizarre error conditions that are outside of upstream's test suite. Those error conditions are often exploitable.

They also assume that having distributions and end users produce a multi-MB security policy written in an arcane, poorly-documented policy language will somehow lead to a correctly configured sandbox.

I greatly prefer the OpenBSD approach, where the upstream application developer builds calls to things like pledge(2) into their program, and then tests that it behaves correctly before releasing it:

https://man.openbsd.org/pledge.2
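The pledge(2) pattern the comment describes, as an added example that is not part of the original comment: a small C program that narrows its own promises in stages, first "stdio rpath" to open its input, then "stdio" once the file handle is held. The `pledge()` stub for non-OpenBSD hosts and the three-line sample file are assumptions of this example; the stub only lets the code compile elsewhere and enforces nothing.

```c
#include <err.h>
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: stub so the example compiles on non-OpenBSD hosts.
 * It enforces nothing; on OpenBSD the real pledge(2) from unistd.h is used. */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises;
	(void)execpromises;
	return 0;
}
#endif

/* Write a constructed sample input (3 lines) before any pledge() call,
 * since creating files would need "wpath cpath" promises later on. */
int write_sample(const char *path)
{
	FILE *f = fopen(path, "w");
	if (f == NULL)
		return -1;
	fputs("alpha\nbeta\ngamma\n", f);
	return fclose(f);	/* 0 on success */
}

/* Count newline characters in a file, narrowing promises as work proceeds. */
long count_lines(const char *path)
{
	/* Stage 1: still need to open the input, so keep "rpath". */
	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");
	FILE *f = fopen(path, "r");
	if (f == NULL)
		err(1, "fopen %s", path);
	/* Stage 2: the handle is held; drop "rpath". From here, any further
	 * open() on OpenBSD kills the process with SIGABRT rather than failing softly. */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");
	long n = 0;
	int c;
	while ((c = fgetc(f)) != EOF)
		if (c == '\n')
			n++;
	fclose(f);
	return n;
}

int main(int argc, char **argv)
{
	if (argc != 2) {
		fprintf(stderr, "usage: %s file\n", argv[0]);
		return 1;
	}
	printf("%ld\n", count_lines(argv[1]));
	return 0;
}
```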