On Mon, Sep 23, 2019 at 01:38:13PM -0500, Ty Young wrote:

...among a whole lot else I'm probably forgetting.

You're forgetten one very important thing:

  https://web.archive.org/save/_embed/http://safr.kingfeatures.com/idn/ck3/email/zone.php?r=a%3A5%3A%7Bs%3A32%3A%2254d8566c10474186daf7afad5e278446%22%3Bs%3A4%3A%22yEzN%22%3Bs%3A32%3A%22db39b16217194b9c4572eaee71c6d9d4%22%3Bs%3A8%3A%22%3D%3DgMxITM%22%3Bs%3A32%3A%22e423795a96f7ae758972343e1e1abe63%22%3Bs%3A12%3A%22%3DcTMzAjNxAjM%22%3Bs%3A32%3A%22d455c859707761b953418a1a46638948%22%3Bs%3A4%3A%22%3D%3DQM%22%3Bs%3A32%3A%22157e8ad5f0a597dbf7f9c967dfc889dd%22%3Bs%3A24%3A%22%3D02bj5SbvR2Zul2azNWat92Y%22%3B%7D

As the old saying goes, "You catch more flies with honey than vinegar"

The saying is true but given the context there is more complexity to the story.

If a user runs a malicious program as their account you might not have the keys to the kingdom but you still have the keys to the front door. This is especially true if they are the only user on the system. The user account is the lowest hanging fruit which takes the least effort to compromise and do malicious things with. The Gentoo wiki even stated this to be the case.

Sure you might(?, I've never set an application to launch on startup under Linux myself...) not be able to be persistent across reboots but you need to be? Maybe the user rarely shuts down their computer. Does being persistent even matter at that point?

 - Solomon

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org