| ▲ | hamburglar 2 hours ago | |||||||
And “find” can easily execute arbitrary subcommands, which may not be readonly. | ||||||||
| ▲ | angry_octet 2 hours ago | parent [-] | |||||||
We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest. I've seen this before with sodoers programs including powerful tools. Saw one today with make, just gobsmacked. | ||||||||
| ||||||||