From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 11 Oct 2003 - 05:31:39 BST
On Sat, Oct 11, 2003 at 06:16:05AM +0300, Alex Lyashkov wrote:
> On Friday 10 October 2003 20:33, Jacques Gelinas wrote:
> > On Thu, 9 Oct 2003 07:04:02 -0500, Alex Lyashkov wrote
> > > > This is probably a minor problem, but if we want to support vservers
> > > > inside vserver we must allow mount ? This is a problem. mount let you
> > > > DOS a machine. Further, mount is covered by a very broad capability.
> > > >
> > > > Am I missing something ?
> > >
> > > yes.
> > > In private namespace created _private_ mounts tree.
> > > i see one posible DDoS - you can be use it for kernel exhaust memory when
> > > do many many mounts.
> > > What DDoS you see ?
> > Mounting a broken file system can brind the OS down.
> for mount broken file system - host administrator need allow to use broken
> modules or had broken filesystems on hard disk and add node this device to
> vps. it`s right ?
> if other - please detail this DDoS for i can test it.
do you allow raw block device access?
> With best regards,
> Vserver mailing list