|
|
|
|
|
|
by johnnyjeans
312 days ago
|
|
|
you're right, but sec is about threat profiles. there's a point where selinux, firejail, etc. aren't enough either. even a virtual machine may as well be wet rice paper to an alphabet soup agency. you should very much assume that even airgapping isn't enough, unless it's inside of a faraday cage. xorg security measures are a different matter from stopping any random program from writing to your filesystem. broaden the conversation to be about all security across all attack surfaces under all conditions and nothing is safe. i'm still not gonna run everything as root. |
|
|
Edit: other than sandboxing, but I'm targeting this at the Great Wayland Security Theater.