On 24.09-11:49, Can E. Acar wrote: [ ... ] > > The guy can be some stupid binary software with an "if(uid!=root) bail();" > > People running arbitrary binary software requiring root on their systems > deserve what they get. You can not work around this stupidity by ANY policy.
that is not the case and is, in fact, the entire point of defining policy. to define what the applications on the system can and cannot do, irrespective of how "stupid" they (or their programmer), or how malicious they (or their programmer) is / was.
