by davexunit
4086 days ago
> If anything, it weakens the traditional unix security model because now the running user owns the binaries, running processes can modify them.

This is a great issue to point out. This is why package managers like Nix and Guix (and maybe others I do not know about) use an immutable store for package builds. Unprivileged users may still install and use the software in the store, but the Unix security model prevents them or a malicious process running under their user account from corrupting what has been built.
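The ownership point in the comment above, as an added example that is not part of the original comment and is not Nix or Guix code: a Python check that lists the ways a process running as a given uid could alter a program file under classic Unix permission rules. The function names and the temporary "store" layout are constructed for illustration; ACLs, root and read-only mounts are not modeled.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that classic Unix rules apply to uid (ACLs and root ignored)."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def tamper_reasons(path, uid, gids=()):
    """Ways a process running as uid could change the program stored at path."""
    reasons = []
    st = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if st.st_uid == uid:
        reasons.append("owns file")          # the owner can chmod, then write
    elif class_bits(st, uid, gids) & 2:
        reasons.append("file writable")
    if parent.st_uid == uid:
        reasons.append("owns directory")     # can chmod it, then swap the entry
    elif (class_bits(parent, uid, gids) & 3) == 3:
        # w+x on the directory allows unlink/rename of the entry,
        # unless the sticky bit restricts that to the file's owner
        if not (parent.st_mode & stat.S_ISVTX) or st.st_uid == uid:
            reasons.append("directory writable")
    return reasons

def demo():
    """Constructed layout: one binary checked as its owner and as another uid."""
    me, other = os.geteuid(), os.geteuid() + 1   # 'other' is a hypothetical uid
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "store")
        os.mkdir(store)
        binary = os.path.join(store, "tool")
        with open(binary, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(binary, 0o555)
        os.chmod(store, 0o555)               # store-like: no write bits anywhere
        try:
            return {"owner": tamper_reasons(binary, me),
                    "other": tamper_reasons(binary, other)}
        finally:
            os.chmod(store, 0o755)           # let the temp dir be cleaned up

if __name__ == "__main__":
    print(demo())
```

Even with every write bit cleared, the owning uid is still reported, because ownership alone lets a process restore write access; only the uid that does not own the file or its directory comes back clean.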