On 08/25/2015 11:01 PM, Cyrill Gorcunov wrote: > I suspect the main problem comes from ability to run user-supplied > scripts, right? As far as I can tell, these a sent back to the requesting process and run in the calling user. This part should be okay. -- Florian Weimer / Red Hat Product Security