It's astounding that anyone thought it was a good idea to add enormous amounts of kernel attack surface via unprivileged user namespaces.
(this is with lots of false positives, I e.g. also counted occurrences in comments)
-
-
There can be a huge amount of functionality gated behind a single privilege check though. It's difficult to gauge the overall impact.
-
Agreed. The kernel is not designed for this, and the effects are the exact opposite of the Kernel Self Protection Project.