From: Alex Lyashkov (shadow_at_psoft.net)
Date: Fri 10 Oct 2003 - 18:50:15 BST
On Friday 10 October 2003 20:33, Jacques Gelinas wrote:
> On Thu, 9 Oct 2003 07:04:02 -0500, Alex Lyashkov wrote
> > > This is probably a minor problem, but if we want to support vservers
> > > inside vserver we must allow mount? This is a problem. mount lets you
> > > DoS a machine. Further, mount is covered by a very broad capability.
> > >
> > > Am I missing something?
> > Yes.
> > In a private namespace, a _private_ mount tree is created.
> > I see one possible DDoS - you can use it to exhaust kernel memory by
> > doing many, many mounts.
> > What DDoS do you see?
> Mounting a broken file system can bring the OS down. A file system just
> follows pointers around and assumes the fs was fsck'ed properly. A carefully
> crafted fs (mount using the loop back for example) would bring the system
I disabled the use of mount loopback :) and remount. Only use mount/unmount.
-- With best regards, Alex