Vendor "leak" on the #vserver official channel:

Nov 25 12:17:57 <Bertl> k, on a different note, ascii reported an old potential exploit working on 'vserver - exec' via tiocsti
Nov 25 12:18:08 <daniel_hozac>  hmm?
Nov 25 12:18:39 <Bertl> stuffing characters into the terminal buffer, which get executed (as root) at return
Nov 25 12:19:23 <Bertl> and I thought about fixing it in the kernel by adding a ccap blocking that ioctl
Nov 25 12:19:31 <daniel_hozac>  hmm.
Nov 25 12:20:08 <daniel_hozac>  can't we just check it for the terminal belonging to the calling context?
Nov 25 12:20:11 <Bertl> running luit vserver - exec is a fix for existing setups