Hi Kenyon, this was indeed an intentional decision to allow us to reduce the potential attack surface of this high-privilege tool. It was relatively new and relatively under-inspected at the time and this seemed like a fair tradeoff.
At this point it's no longer new, but probably still under-inspected. Now might be a good time to consider turning it back on again. I wonder what it would be like to write an AppArmor profile for these tools first...
Hi Kenyon, this was indeed an intentional decision to allow us to reduce the potential attack surface of this high-privilege tool. It was relatively new and relatively under-inspected at the time and this seemed like a fair tradeoff.
At this point it's no longer new, but probably still under-inspected. Now might be a good time to consider turning it back on again. I wonder what it would be like to write an AppArmor profile for these tools first...
Thanks