Comment 32 for bug 1015531

I've only a small remark re comment 22.

It's not just corrupting arbitrary files on the host.
You could inject arbitrary keys into /root/.ssh/authorized_keys on the host.
Now that's probably not an issue as the attacker probably wouldn't have remote access to the host.
If that assumption is always valid, then comment 22 is fine as is.