They need to be simple and carefully constructed
Yeah, that’s the difficult part. It’s always better to go with the principle of least privilege (which is Capabilities is trying to do) than to just cross your fingers and hope that there are not bugs in your code. And who exactly is going to police people to make sure that their programs are “simple and carefully constructed”? The article I linked is about a setuid-related vuln in goddamn Xorg which is anything but.
Partition management is the single most chaotic chore that you come across as a casual computer user, change my mind. Depending on the partition table and filesystem, each filesystem can have zero, one or two labels assigned to it. But there is no consensus about what to actually call these labels. I’ve seen “partlabel”, “label”, “partition label” and “name” with no obvious way to tell whether the tool is talking about the label stored in the partition table or the label stored in the filesystem.
So just use UUIDs to refer to partitions instead of labels, right? Wrong! Each partition has both a UUID and a PartUUID which are not the same. It’s simple once you are aware of that fact, but if you are not, it can lead to hours of confused troubleshooting. I learned this the hard way.
Yeah, that’s the joke. Americans pull wisdom teeth left and right regardless of whether or not it poses a medical risk, it’s a part of their culture. Source: https://www.sciencealert.com/no-you-probably-don-t-need-to-get-your-wisdom-teeth-removed-ever