On Tue, Dec 9, 2014, at 06:25 PM, Luca Bruno wrote:
> It still needs linux-user-chroot to be suid, doesn't it?

Right. I do believe it's secure in the sense that someone couldn't use it alone to compromise system *integrity*. And it has passed at least two third-party security reviews; fixes resulted from Marc Deslauriers' review, see the git log. However, it does make it even easier to mount local, authenticated DoS attacks. Of course, there are plenty of other vectors for that too.
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
