One has to assume that the goal of this project is not to protect against such an attack - no software really can - and instead to secure as best one can the software side. I'm not convinced they've done a good job of that either. Using a non-root user is a trivial thing to do but puts in all the security that Unix has had by default for more than thirty years. Using SELinux and containers these days is a no-brainer for building an operating system secure against software attacks. They really need to set the bar much higher.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds