Another solution would be to refuse to honor setuid if the namespace allows a user to mount arbitrary file systems.
Lucho
On Tue, Apr 18, 2006 at 03:34:53PM -0500, Russ Cox said:
> > A masking bind over /etc/passwd could be disastrous
> > on Unix and I don't think anyone has really solved this problem yet
>
> this is trivial to solve. setuid binaries should run
> in the default system name space instead of inheriting
> the one in use where they are started.
>
> russ
