| This is simply a false sense of security, and is worse than just using setuid. CAP_SYS_ADMIN is an extremely serious capability that is effectively as powerful as root. It also required users to be in the input group, which allows any process to keylog the entire system. | ||
|---|---|---|
| .. | ||
| direct-freebsd.c | ||
| direct-ipc.c | ||
| direct.c | ||
| logind.c | ||
| meson.build | ||
| noop.c | ||
| session.c | ||