This gives the application write access to home directory and allows executing arbitrary code outside sandbox through injection to eg .profile or other files. If the app really needs access to home, it should be read-only. Why does it need home access in the first place?
This gives the application write access to home directory and allows executing arbitrary code outside sandbox through injection to eg .profile or other files. If the app really needs access to home, it should be read-only. Why does it need home access in the first place?