"Several vendors have asked for exploit code to ensure that the patches actually solve the issue. Due to the severity of the issue (especially for public cloud vendors), we decided to provide the attached exploit code."
It doesnt *look* like its actually attached to the email, not sure how that works
yeah, I noticed that too.
they likely sent the email elsewhere without the attached exploit
thats my guess
> As per OpenWall rules, this exploit code will be published *publicly* 7 days after the CRD (which is 2019-02-18).
error: syntax error, unexpected ',', expecting ')', at (string):218:22
andi- has quit [Ping timeout: 250 seconds]
andi- has joined #nixos-security
pie_: No. It's not attached. It's the unedited embargo email. So the paragraph is there
pretty sure NixOS is not vulnerable
I can't conclusively say it is _not_, but I'm pretty sure it is not
The disclosure talks about "correct use of user namespaces", so I guess one could try to mitigate anyway?