kragen 26 days ago | on: Don't tug on that, you never know what it might be...
It's probably true that there are setuid programs that can be exploited if you run them in a user namespace. You probably need to remove setuid (and setgid) as Plan9 did in order to do this.
josephcsible 26 days ago
I meant distros are moving towards no unprivileged user namespaces at all, not just no setuid programs inside them.
kragen 26 days ago
Is "just no setuid programs inside them" even an option?