Because their policy is to not give admin to a user if you don't want them to ha... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dwattttt on Oct 26, 2024 \| parent \| context \| favorite \| on: New Windows driver signature bypass allows kernel ... Because their policy is to not give admin to a user if you don't want them to have control of the computer?

kchr on Oct 27, 2024 [–]

Even approved and trusted admins can be a liability (disgruntled employee, social engineering). Like OP said, mandatory access control (MAC) implementations like SELinux can be used to even further restrict what an administrator (or process running with admin privileges) is allowed to do.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact