Comment by acdha

My point about coreutils was that they’re rarely used in situations where an attacker can provide arbitrary input - it’s more like race conditions with code already running on the same system trying to escalate access – so what you need to protect against are things like race conditions around file operations or symlink safety.