**Amitai Schleier** @schmonz · Dec 27, 2017, 13:53

**Amitai Schleier** @schmonz · Dec 27, 2017, 13:53

Amitai Schleier @schmonz

I believe “after” is better, and these before-and-after diagrams are intended to help you agree. Are they succeeding? What might help more? https://octodon.social/media/gB9mPczQad9rQbK6-ok https://octodon.social/media/S-81mM_N1LCxe7ORy1U

**MightyBigCar** @MightyBigCar · Dec 27, 2017, 15:17

**MightyBigCar** @MightyBigCar · Dec 27, 2017, 15:17

@schmonz "what might help?"

Knowing which is before and which is after would be helpful.

**Amitai Schleier** @schmonz · Dec 27, 2017, 15:35

**Amitai Schleier** @schmonz · Dec 27, 2017, 15:35

@MightyBigCar ha! Indeed. Left is old, right is new hotness. In context, they’ll each appear in a naked section of the page with more details.

**MightyBigCar** @MightyBigCar · 2017-12-27T16:33:41Z

MightyBigCar @MightyBigCar

@schmonz ok, it depends on the definition of better. It looks to me like the attack surface is smaller in the before state (that is, there are fewer operations performed as root, meaning fewer chances that there will be an exploitable bug that can give the attacker root privileges).

Dec 27, 2017, 16:33 · Tusky · 0 · 0

**Amitai Schleier** @schmonz · Dec 27, 2017, 17:18

**Amitai Schleier** @schmonz · Dec 27, 2017, 17:18

@MightyBigCar that’s a very reasonable reading. I’ve tried to address that in the web page where these graphs might appear, which I’d better just link to already: https://schmonz.com/qmail/acceptutils

**Amitai Schleier** @schmonz · Dec 27, 2017, 17:19

**Amitai Schleier** @schmonz · Dec 27, 2017, 17:19

@MightyBigCar also, ha ha autocorrect. “Naked” meant to be “named”