One of the problems exposed by research into #7 is that there are a lot of issues with safe /proc usage on older kernels (and many more kernel features are still required). We cannot error out by default if these features are not available (nobody will use libpathrs because it won't work on most systems). So we have to make it an opt-in for very security-conscious programs (or to allow a program to print a warning if the system is insecure, and then enable the less-secure lookups).
One of the problems exposed by research into #7 is that there are a lot of issues with safe
/proc
usage on older kernels (and many more kernel features are still required). We cannot error out by default if these features are not available (nobody will uselibpathrs
because it won't work on most systems). So we have to make it an opt-in for very security-conscious programs (or to allow a program to print a warning if the system is insecure, and then enable the less-secure lookups).