On Mon, Oct 20, 2003 at 10:01:14AM +1100, Michael Sharman wrote: > Well known security principles such as "least privilege" are > equally about stopping accidental damage as they are about > stopping malicious damage.
Precisely. If /usr doesn't *REQUIRE* rw in order to function, it should not have it. The argument here has been totally reversed, arguing about why not remove a privilege. That is not a security argument. The argument must be about why it must *GIVEN* rw.
