Am 19.10.2015 um 14:36 schrieb Yves-Alexis Perez:
> On dim., 2015-10-18 at 20:41 -0500, Serge E. Hallyn wrote:
>> We shouldn't need a long-term solution.  Your concern is bugs.  After
>> some time surely we'll feel that we have achieved a stable solution?
> 
> But this is actually the whole point: we need a long term solution, because
> they will always be bug, whether in user namespaces or in others parts exposed
> by user namespaces. It's fine to fix them when we find them, but that still
> means they're exploitable even before we know about them. We still find bugs
> in code written years ago, it's quite certain there are bugs in current code.

You can replace the term "user namespace" with any other non-trivial kernel 
subsystem.
There will always be bugs.

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to