On Tue, Apr 16, 2024 at 11:31:43PM +0200, Philippe Cerfon wrote:
> Hey.
>
> There's even an allegedly "wontfix" bug of mine where I requested that
> Debian switches back to a secure default and disables user namespaces, which
> have a long history of being exploitable:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012547
>
> Don't think the current hole one will have been the last one.
>
> Unfortunately it seems a feature that only a group of people will need is
> valued more important than keeping users secure. :-(
The problem with disabling unprivileged userns is that in the desktop Linux case it actually causes serious problems, because creating a sandbox is now a privileged operation. IMO Landlock + seccomp is a much better solution for sandboxing, but I don't think it can do everything browsers need yet.

For containers, I'm not aware of a good solution right now.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab