And add correctly implementing capabiliti on top of that. Also lib cap or libcap-ng?
Sometimes having more choices isn’t advantage... Ondřej -- Ondřej Surý <ond...@sury.org> > On 10 Aug 2019, at 11:24, Marc Haber <mh+debian-de...@zugschlus.de> wrote: > > On Fri, 9 Aug 2019 10:27:31 +0100, Ian Jackson > <ijack...@chiark.greenend.org.uk> wrote: >> But there are other ways. Many traditional daemons can start as root >> and drop privileges. > > How many lines of code have been replicated all along those daemons, > how many security relevant bugs in this code did we solve it he last > decades and how many did we not discover yet? > > Greetings > Marc > -- > -------------------------------------- !! No courtesy copies, please !! ----- > Marc Haber | " Questions are the | Mailadresse im Header > Mannheim, Germany | Beginning of Wisdom " | > Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 >
