A
#NixOS contributor is proposing a change to prevent SUID programs to be run without argument. This would prevent issues such as polkit privilege escalation from yesterday.
https://github.com/NixOS/nixpkgs/pull/156822This has been the default on
#OpenBSD for a long time already, and
#hardenedbsd implemented it today too.
This is cool to see involvement in security enhancement.
