On Wed, Jan 18, 2017 at 3:35 PM, Andy Lutomirski <[email protected]> wrote:
> On Wed, Jan 18, 2017 at 2:50 PM, Djalal Harouni <[email protected]> wrote:
>> Andy I don't follow here, no_new_privs is never cleared, right? I
>> can't see the corresponding clear bit code for it.
>
> I believe that unsharing userns clears no_new_privs.

Seriously? That's kind of ... weird. I mean, I guess you're
priv-confined in a way, but that seems fragile.

-Kees

-- 
Kees Cook
Pixel Security
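The question in the quoted exchange (does unshare(CLONE_NEWUSER) clear no_new_privs?) is easy to settle empirically on the kernel you are running. The program below is an added example, not code from the thread or from the kernel tree. It assumes Linux with glibc; the enum names, probe_nnp_across_userns() and nnp_probe_describe() are this example's own. It sets PR_SET_NO_NEW_PRIVS in a forked child, unshares a user namespace there, and reads the bit back with PR_GET_NO_NEW_PRIVS. If unprivileged user namespaces are disabled (sysctl, seccomp, chroot), unshare() fails and the result is reported as inconclusive rather than as either answer.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case the headers were processed without _GNU_SOURCE. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif
extern int unshare(int flags);

/* Outcome of the probe; the child reports it through its exit status.
 * (Names are this example's own, not kernel identifiers.) */
enum nnp_probe_result {
    NNP_STILL_SET      = 0, /* bit reads 1 after unshare(CLONE_NEWUSER) */
    NNP_CLEARED        = 1, /* bit reads 0 after unshare(CLONE_NEWUSER) */
    NNP_UNSHARE_FAILED = 2, /* unshare() refused (EPERM/EINVAL/...): inconclusive */
    NNP_ERROR          = 3, /* prctl()/fork()/waitpid() failed */
};

/* Runs in a forked child so the irreversible prctl() and the new user
 * namespace do not affect the caller. */
static int nnp_probe_child(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return NNP_ERROR;
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
        return NNP_ERROR;           /* bit did not stick: nothing to test */
    if (unshare(CLONE_NEWUSER) != 0)
        return NNP_UNSHARE_FAILED;  /* userns creation not allowed here */
    int nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    if (nnp < 0)
        return NNP_ERROR;
    return nnp == 1 ? NNP_STILL_SET : NNP_CLEARED;
}

/* Fork, run the probe in the child, return its enum nnp_probe_result. */
int probe_nnp_across_userns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return NNP_ERROR;
    if (pid == 0)
        _exit(nnp_probe_child());
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return NNP_ERROR;
    return WEXITSTATUS(status);
}

const char *nnp_probe_describe(int r)
{
    switch (r) {
    case NNP_STILL_SET:      return "no_new_privs survived unshare(CLONE_NEWUSER)";
    case NNP_CLEARED:        return "no_new_privs was cleared by unshare(CLONE_NEWUSER)";
    case NNP_UNSHARE_FAILED: return "unshare(CLONE_NEWUSER) not permitted here; inconclusive";
    default:                 return "probe failed";
    }
}

int main(void)
{
    int r = probe_nnp_across_userns();
    printf("%s\n", nnp_probe_describe(r));
    return r == NNP_ERROR ? 1 : 0;
}
```

Build with `gcc -Wall -o nnp_probe nnp_probe.c` and run it unprivileged; a run that prints "inconclusive" means the sandbox, not the kernel, decided the outcome, so rerun it somewhere unprivileged user namespaces are enabled before drawing a conclusion. The probe is done in a child on purpose: PR_SET_NO_NEW_PRIVS cannot be undone, and a caller that later needs setuid or file-capability transitions would otherwise be affected.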

