No Love for Negative Permissions – DAC/ACL Bypass on Linux

  • "Negative permissions have consistently been regarded as bad practice and often treated as a theoretical concept... If you find yourself reliant on them, consider one of the following actions: Restructure your permissions into proper allow rules; this is the most recommended approach."

    This resonates. Negative permissions can be a real footgun, which is why we are being very surgical about if/where to introduce them at Oso [1].

    [1] https://www.osohq.com/

  • This is how I feel about systemd's approach of using badness when configuring their ever-growing badness-oriented .service files.

    Ideally, you should be using goodness (inclusion of privilege) instead.

    Same goodness things we do with default-deny firewall, and file permission.

  • Also known as enumerating badness.

    Yes, it is a terrible way to operate and should never be used on secure systems. It is a reactive (closing the barn door after the horse got away), endless, thankless task. But...

    It always feels wrong to preemptively squash creativity: to make rules not saying what people can't do, but only what they can do. You really have to embrace the police state if you only use positive permissions.

    A koan from /usr/games/fortune:

    "Every program has two purposes -- one for which it was written and another for which it wasn't."