by IcePic
484 days ago
> Why should I expect a program to set allowed syscalls/filesystem paths? Why would I trust that it will set itself the right permissions?

Because the admin or owner will know FAR less about what a complex program needs at all times, and when it will be safe to drop privs. A database might be tested for a week and then it has a special snapshot thing done for the monthly backup and you did not foresee this, whereas the coders would know what perms are needed in order to do these dumps. Hence, you can't set perms just once before starting, and as a user of said software, you can't expect to just make a quick test and then design a fully working harness for it either.