On 19.10.2015 at 14:36, Yves-Alexis Perez wrote:
> On Sun., 2015-10-18 at 20:41 -0500, Serge E. Hallyn wrote:
>> We shouldn't need a long-term solution. Your concern is bugs. After
>> some time surely we'll feel that we have achieved a stable solution?
>
> But this is actually the whole point: we need a long term solution, because
> there will always be bugs, whether in user namespaces or in other parts exposed
> by user namespaces. It's fine to fix them when we find them, but that still
> means they're exploitable even before we know about them. We still find bugs
> in code written years ago, it's quite certain there are bugs in current code.

You can replace the term "user namespace" with any other non-trivial kernel subsystem. There will always be bugs.

Thanks,
//richard