Date: Wed, 20 Jan 2016 21:26:38 +0000 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: Jann Horn <jann@...jh.net> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Dan Carpenter <dan.carpenter@...cle.com>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: 2015 kernel CVEs > I know of at least two projects that enter user namespaces without the > necessary care, one of them is LXC. > > > > There is room for improvement in this area but I don't see how this > > qualifies as a CVE. > > I think I agree with that. If there are projects that screw it up then there should be a CVE - it just needs someone to update the CVE to indicate where the actual flaw is. Alan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.