On Tue, Jul 19, 2022 at 12:20 PM <mikoxy...@gmail.com> wrote: > I'm sorry that you didn't read the actual CVE.
Well I did... which is why I haven't written "the next security hole in user ns" but "the next one that have been mitigated if Debian were to ship sane defaults". > Do correct me if I'm wrong, though. In the end of the day it's still yet another root security hole which was exposed for no good reasons, by user names being enabled per default - where the bug originates in, won't really bother any attacker, nor will it make a difference for any compromised system. Regards, Philippe
