i mean? why did you download the malware in the first place
@ezio@akko.wtf Many people would agree that it's the software's fault, but that "software" is called Windows... Apple has basically banned this behavior on macOS - an executable must include all the correct library paths embedded within itself, just putting a library inside the search path won't work, you'll get a library not found error, and LD_PRELOAD-like behavior is also banned. It's a pain for development, you need to massage your build system otherwise you get wrong paths and OS refuses run it, but they kinda have a point... (what, just replacing the default library with your own, who could've imagined that? /s)
- replies
- 2
- announces
- 2
- likes
- 3
@Hyolobrika@social.fbxl.net You can create similar security policies for yourself on Linux with SELinux or Trusted Path Execution.
Restrictive security features != Anti-user security features, even if it globally on by default and makes some tasks inconvenient. It only becomes anti-user if the user has no power to turned it off. The problem is never about the policies themselves, only who has the final say.
Many inconvenient security features can be useful. Allowing everything to attach a debugger to everything else is surely convenient for development, but it's not something I'm going to allow on my server. As a result, debugging can be a pain but the global ptrace ban remains on my system anyway, as the pros outweigh the cons.
@Hyolobrika @ezio @niconiconi say what? You have to assume the user is compromised or malicious. Yeah, you need to make sure your other ducks are in a row, but if the user gives up their creds and MFA (whether at the end of a phish or a crowbar), you're done if you're not controlling your users.