It would add fair bit of code, sure, but nicely isolated and not complex: It's three extra lines of code in the main function, and a separate utility to write the config.
Balance that against the fact that the server then never writes its own config - that code is moved into the configuration-writing application, which removes complexity from the server application.
> and in particular couple the application to a specific combination of operating system/privileges model/file system.
It does indeed couple it to those systems that are sufficiently POSIX-like; however if you are writing a server that doesn't run on a Linux or BSD-derived system, you are out in the left field anyway.
> How great is the benefit, really? How many things are exploited by the application writing to its own startup config?
Well, the comment I made was in a thread discussing a vulnerability in the Microsoft Teams application[1] which was exploitable to retrieve the user's secrets[2] from their config file.
So, that particular comment was very much on-topic and in-context.
[1] Not sure if it was on all platforms or not.
[2] Or something - I forget exactly what was leaked.
It would add fair bit of code, sure, but nicely isolated and not complex: It's three extra lines of code in the main function, and a separate utility to write the config.
Balance that against the fact that the server then never writes its own config - that code is moved into the configuration-writing application, which removes complexity from the server application.
> and in particular couple the application to a specific combination of operating system/privileges model/file system.
It does indeed couple it to those systems that are sufficiently POSIX-like; however if you are writing a server that doesn't run on a Linux or BSD-derived system, you are out in the left field anyway.
> How great is the benefit, really? How many things are exploited by the application writing to its own startup config?
Well, the comment I made was in a thread discussing a vulnerability in the Microsoft Teams application[1] which was exploitable to retrieve the user's secrets[2] from their config file.
So, that particular comment was very much on-topic and in-context.
[1] Not sure if it was on all platforms or not.
[2] Or something - I forget exactly what was leaked.