On Friday 10 October 2003 20:33, Jacques Gelinas wrote: > On Thu, 9 Oct 2003 07:04:02 -0500, Alex Lyashkov wrote > > > > This is probably a minor problem, but if we want to support vservers > > > inside vserver we must allow mount ? This is a problem. mount let you > > > DOS a machine. Further, mount is covered by a very broad capability. > > > > > > Am I missing something ? > > > > yes. > > In private namespace created _private_ mounts tree. > > i see one posible DDoS - you can be use it for kernel exhaust memory when > > do many many mounts. > > What DDoS you see ? > > Mounting a broken file system can brind the OS down. for mount broken file system - host administrator need allow to use broken modules or had broken filesystems on hard disk and add node this device to vps. it`s right ? if other - please detail this DDoS for i can test it.
-- With best regards, Alex
