----- Original Message -----
From: "Enrico Scholz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 17, 2003 12:52 PM
Subject: Re: [vserver] Using NFS mounts in a vserver
> [EMAIL PROTECTED] ("Matthieu Racine") writes:
>
> > I'm using NFS mounts with succes in vservers from about 4 months.
> > ...
> > 3 - when starting the vserver, doing :
> > chbind --ip <my_vserverip> --bcast <my_vserver_broadcast> chroot
> > ${VSERVERS_ROOT}/${VSERVER_NAME} mount -t nfs
> > <myNFSserverIP>:/partage/nfs/pro /mnt/pro
>
> This 'chroot' makes you vulnerably against attacks from inside of the
> chroot (attacker can replace 'mount' (which runs in host-ctx) and can
> break out of the chroot).
>
You're right,
so :
cp -pf /bin/mount ${VSERVERS_ROOT}/${VSERVER_NAME}/bin/mount && chbind --ip
blablabla....
Matthieu
