On one hand, I thought of policies as the correct way to do stuff, since the user (root) then gets to decide who gets what.
But considering the lack of good enough defaults and that most users won’t even know where to look, I guess we do need additional security features in this case.
For one, it would be good to find a way to reliably let a process (providing said endpoint) know which other process is trying to access said endpoint. This, combined with the root locations (like /bin, /usr/bin etc.) not being writeable without root privileges, should make it possible to have adequate security options in the program itself.