Hi! It's been quite some time since many distributions enabled the C (credentials) flag when using qemu-user binfmt_misc emulation. This means that qemu-user executable is used to run setuid binaries, usually with elevated privileges. The binary itself might be suited well for security-sensitive and probably hostile environment, but qemu-user binary is definitely not, - it is a quite complex piece of software with a lot of possible attack vectors.
To me it looks like a Very Bad Idea (tm) to enable the C flag in this case. But maybe it's not *that* bad because the administrator is the one who controls *which* setuid binaries are present on the system. What's the qemu project view on this? Thanks, /mjt
