Previously, process name was grabbed from `/proc/pid/cmdline`. This was
revealed to be faulty, since the path to the executable might be
relative, and thus would change the result depending on how the program
was called. Also, it made executable renaming a viable bypass of the
entire access control.
I still don't fully undestand how I managed to not think of this before
:)
Added the initial support for the database protection with the setuid
mechanism. In the beginning the program creates(or opens) the database
as a special user, and then switches to the real uid and functions
normally.
Creating files grants permanent permissions to them now. This makes
sense because if a program creates a new file, then it clearly can't
steal any data. This is particularly useful for programs which open an
obscene amount of auxilary files (e.g. neovim with a huge amount of
plugins).
Finally implemented the permanent permission tables using sqlite3. For
now, performance wasn't a consideration. There are a lot of
optimizations that could be made, like having prepared queries. The code
remains fairly untested.
The script was correctly opening the `truth` file by piping `echo` to
it, but then it tried to deny another operation on it. But since pipes
are opened by the script process, the permission was given to the
script. And since the permissions are preserved for the entire runtime
of a process, and child processes inherit permissions of their parents,
any command executed later would also have the necessary permissions to
open `truth` (which was the case for the second operation). Now the
second operation is performed on a different file.
