Posted Mar 25, 2013 18:46 UTC (Mon) by luto
In reply to: Complexity
Parent article: Anatomy of a user namespaces vulnerability
Chrooting to an empty, unwritable directory, closing fds and dropping privileges denies useful filesystem access. A kernel that suddenly changes that is not okay and should be fixed.
(And that's one of the bugs I found. Guess I might as well make the whole thing public.)
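The sequence described in the comment above (chroot into an empty, unwritable directory, close fds, drop privileges), as an added C example that is not from the comment or its author. The scratch path, the uid/gid 65534 and all function names are assumptions; it needs root to perform the chroot and reports `SB_SETUP_FAILED` otherwise.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { SB_DENIED = 0, SB_LEAK = 1, SB_SETUP_FAILED = 2 };

/* Close every descriptor above stderr. Bounded scan for brevity; on
 * Linux 5.9+ close_range(2) does the same in one call. */
static void close_extra_fds(void) {
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536) max = 65536;
    for (int fd = 3; fd < max; fd++) close(fd);
}

/* Order matters: chroot needs privilege, so identity is dropped last,
 * and supplementary groups and gid go before uid. */
static int enter_sandbox(const char *empty_dir, uid_t uid, gid_t gid) {
    if (chroot(empty_dir) != 0 || chdir("/") != 0) return -1;
    close_extra_fds();
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

/* Fork a child, sandbox it, and report whether it can still reach files. */
int probe_sandbox(void) {
    char dir[] = "/tmp/sbxXXXXXX";    /* constructed scratch path */
    if (!mkdtemp(dir) || chmod(dir, 0555) != 0) return SB_SETUP_FAILED;
    int leak = open("/", O_RDONLY | O_DIRECTORY);  /* fd the sandbox must close */
    pid_t pid = fork();
    if (pid == 0) {
        if (enter_sandbox(dir, 65534, 65534) != 0) _exit(SB_SETUP_FAILED);
        int r = open("/etc/passwd", O_RDONLY);             /* outside the new root */
        int w = open("/probe", O_CREAT | O_WRONLY, 0600);  /* root dir is unwritable */
        int k = fcntl(leak, F_GETFD);                      /* -1 once closed */
        _exit((r >= 0 || w >= 0 || k != -1) ? SB_LEAK : SB_DENIED);
    }
    int status = 0;
    if (pid > 0) waitpid(pid, &status, 0);
    if (leak >= 0) close(leak);
    rmdir(dir);
    if (pid < 0 || !WIFEXITED(status)) return SB_SETUP_FAILED;
    return WEXITSTATUS(status);
}

int main(void) { return probe_sandbox(); }
```

A result of `SB_LEAK` means one of the three steps did not hold: a path outside the new root opened, the empty directory was writable, or an inherited descriptor survived.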