In your world, I guess we should get rid of all access restrictions in Linux, because the kernel I'm
running may have some exploitable vulnerabilities, so any access restrictions are completely
In the real world, people do run multiuser linux machines.
Security is not black and white, there is such a thing as more secure and harder to break into.
This is one more link in the chain, designed to help secure single-user machines. Now, not only
do you need to be running a vulnerable JPEG rendering library to have your files stolen, you
*also* need to be running a kernel which is exploitable in the limited attack surface presented to
the JPEG decoding process.
Surely it's a good thing to attempt to limit the attack surface?
> where did you say your most valuable personal box can be accessed again ;)?