On Thu, Jan 11, 2018 at 11:24:56PM +0100, Lennart Poettering wrote:
> I hope you are aware that user id 65534 is used by user namespacing
> (i.e. CLONE_NEWUSER) too, and in that context is probably much more
> prominently visible to users than in the NFS context. The fact that
> the user/group is called "nfsnobody" is quite misleading if most users
> see it only in the user namespacing context which has zero
> relationship to NFS.

Is there any security implication of re-using 65534 for user
namespacing, since NFS was using it before? Why not assign a new uid
for user namespacing?