On Mon, Apr 08, 2024 at 02:23:18PM +0300, ad...@osrc.rip wrote: > Btw wouldn't it be possible (and worth) temporarily revoking write access to > the user while it's being executed as root, and restoring original rights > after execution?
I think that would be a huge overreach. It would also lead to a whole lot of breakage. Imagine that we implement this change. It would have to be done in the shell, since the kernel simply offloads script execution to the interpreter. So, your change would essentially add code to the shell which causes it to change the permissions on a script that it's reading, if that script is given as a command-line argument, and if the shell's EUID is 0. Presumably it would change the permissions back to normal at exit. Now imagine what happens if the shell is killed by a SIGKILL, or if the system simply crashes during the script's execution. The script is left with altered permissions.