On 2016-12-21 22:56:06, Dmitry Bogatov wrote:
> [2016-12-20 22:10] Russ Allbery <r...@debian.org>
>> Hm, transient IDs is an interesting idea.  In a lot of cases, we create a
>> system user just to isolate the running daemon, not to control file system
>> access.  The drawback, though, is that one has to have a really clear idea
>> of what resources the process would need in order to make sure this is
>> safe.  (A much clearer idea than the understanding we need to know when
>> it's safe to delete a system user, I think.)
>
> You just gave me a good idea. What about not removing $HOME, but chowning
> it to root? I mean, on install we create the user and if its $HOME already
> exists, just chown it.

You would need to check for suid binaries, among other traps.

a.
-- 
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of speech
because I have nothing to say."
                        - Edward Snowden
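
The setuid check named in the reply above, as an added example that is not part of the original message: a pre-flight audit a maintainer script could run on a removed system user's $HOME before handing it to root. The function names are hypothetical, and only the setuid/setgid case is covered, not the unspecified "other traps".

```shell
#!/bin/sh
# Added example (not from the thread): refuse to hand a service account's
# home directory to root while it still contains setuid/setgid files.
# Function names are hypothetical.

# find_privileged_files DIR
# Print every regular file under DIR that carries the setuid (4000) or
# setgid (2000) bit. -xdev keeps the scan on a single file system.
find_privileged_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# safe_to_chown DIR
# Return 0 when DIR holds no setuid/setgid files,
#        1 when it does (offending paths go to stderr),
#        2 when DIR is missing or is a symlink rather than a directory.
safe_to_chown() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi
    found=$(find_privileged_files "$dir")
    if [ -n "$found" ]; then
        printf 'setuid/setgid files under %s:\n%s\n' "$dir" "$found" >&2
        return 1
    fi
    return 0
}

# Intended use in a removal script (path is a placeholder):
#   safe_to_chown /var/lib/exampled && chown -R root:root /var/lib/exampled
```

A non-zero result means the directory needs manual review before its ownership changes.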
