this really isn't the place for logical fallacies. it is impossible to prove any code is entirely bug free (let's ignore the theoretical proof based systems as they're entirely irrelevant to this discussion). if you have any actual bugs to report, then do so. otherwise, you're wasting everyone's time.

i think we've all been pretty clear that making unshare, as-is, setuid is completely wrong and, frankly, stupid. it's trivial to leverage privilege escalation after that point.

as for enhancing unshare to be aware that it's setuid and thus drop root back once it's done making the unshare calls, i don't see the point. user namespaces work already and don't require setuid and are widely available. if you don't like userns, that's your choice, but not our problem.

-mike