1. 4
  1.  

  2. 2

    Whilst allowing privilege changes using this mechanism should allow the privileges to be set in a far more granular manner, it will require significant changes to how processes gain and drop privileges, something we’re likely to see exploited in due course.

    This is interesting and I would love to follow up on it. I feel like we don’t see much use of privileges outside of containers, but I’m curious if the security literature has any instances of this type of attack being leveraged.