this code was written before unprivileged network namespaces were much of a thing, so the theory that a developer would plant a bugdoor for this is not probable.
you can think of unprivileged namespaces in general as a bunch of attack surface that was previously root to kernel only and hadn't had much scrutiny. these bugs will take decades to eliminate without a rewrite of linux.