Was Unprivileged User Namespaces exploited since it started to default to YES?

Çağlar Arlı

We had good discussions about it being safe or not five years ago, and it was defaulted to yes on the kernel way over 3 years ago (with a note calling anyone security-conscious who disables it paranoid).

So, was it exploited after all in those 3 years? I couldn't find anything and this is not something I tracked during this time.

The 5+yr old issues were mostly kernel code checking privilege without the namespace checks (so root inside namespace could call uid 0 code on the host), which I hope they ironed out with some confidence before the default to Yes. Which then I would further assume it's mostly-harmless now unless you are injecting weird modules. And by mostly-harmless I mean no worse than any local exploit in the kernel would be. To validate all those assumptions I was trying to search for exploits using this but found none. Is this really the case, or did I fail to find them?