Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.io/users/wolf480pl/statuses/112651007183522408">Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 29-Jun-2024 20:08:52 JST</a><a href="https://mstdn.io/@wolf480pl" title="wolf480pl@mstdn.io"><img src="https://gnusocial.jp/avatar/6007-48-20230307202553.webp" width="48" height="48" alt="Wolf480pl" style="position: absolute; left: 0; top: 0;">Wolf480pl</a><div><a href="https://toot.cafe/@phel/112650995317747147" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://toot.cafe/@phel">@phel</a> it's not about security concerns with the implementation. It's about exposing all the privileged syscalls as attack surface to everyone.</p><p>Without userNS, a use-after-free in eg. netfilter code is a mildly annoying bug.</p><p>With userNS, it's a local privilege escalation.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3307819#notice-6518160">In conversation</a><time datetime="2024-06-29T20:08:52+09:00" title="Saturday, 29-Jun-2024 20:08:52 JST">about 5 months ago</time> <span>from <span><a href="https://mstdn.io/@wolf480pl/112651007183522408" rel="external" title="Sent from mstdn.io via ActivityPub">mstdn.io</a></span></span><a href="https://mstdn.io/@wolf480pl/112651007183522408">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 29-Jun-2024 20:08:52 JSTWolf480pl
in reply to
- Phel
@phel it's not about security concerns with the implementation. It's about exposing all the privileged syscalls as attack surface to everyone.
Without userNS, a use-after-free in eg. netfilter code is a mildly annoying bug.
With userNS, it's a local privilege escalation.
In conversationabout 5 months ago from mstdn.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice