On Tue, Jul 19, 2022 at 12:20 PM <mikoxy...@gmail.com> wrote:
> I'm sorry that you didn't read the actual CVE.

Well I did... which is why I haven't written "the next security hole
in user ns" but "the next one that have been mitigated if Debian were
to ship sane defaults".

> Do correct me if I'm wrong, though.

In the end of the day it's still yet another root security hole which
was exposed for no good reasons, by user names being enabled per
default - where the bug originates in, won't really bother any
attacker, nor will it make a difference for any compromised system.


Reply via email to