> On 31-Mar-2015, at 9:11 pm, Max Fillinger > <maximilian.fillin...@uni-duesseldorf.de> wrote: > > On Tue, Mar 31, 2015 at 10:10:31AM -0500, Joe Crivello wrote: >> I can't think of any other scenarios right now, but I'd be interested to >> hear if there is something I'm not thinking of... > > Another scenario might be a non-admin user trying to run an unauthorized > program. In that case, one could put the user's home directory on a > partition mounted with the noexec option, so there would be no need for > signing binaries. This still leaves open the problem with interpreted > languages that Martin mentioned, but signed binaries won't prevent that > either. >
Wouldn’t permission controls (groups) and a sudoers list be sufficient to give/deny access. How can a non-root, non-sudo user execute any application that requires privilege ?