> > > The guy can be some stupid binary software with an "if(uid!=root) bail();" > > > > People running arbitrary binary software requiring root on their systems > > deserve what they get. You can not work around this stupidity by ANY policy. > > that is not the case and is, in fact, the entire point of defining > policy. to define what the applications on the system can and > cannot do, irrespective of how "stupid" they (or their programmer), > or how malicious they (or their programmer) is / was.
Intelligent sysadmins know every setuid binary on their system. Unintelligent ones get owned.
