From: Matthieu Racine (m.racine_at_free.fr)
Date: Tue 23 Sep 2003 - 08:12:19 BST
----- Original Message -----
From: "Enrico Scholz" <enrico.scholz_at_informatik.tu-chemnitz.de>
To: <vserver_at_solucorp.qc.ca>
Sent: Wednesday, September 17, 2003 12:52 PM
Subject: Re: [vserver] Using NFS mounts in a vserver
> m.racine_at_free.fr ("Matthieu Racine") writes:
>
> > I'm using NFS mounts with succes in vservers from about 4 months.
> > ...
> > 3 - when starting the vserver, doing :
> > chbind --ip <my_vserverip> --bcast <my_vserver_broadcast> chroot
> > ${VSERVERS_ROOT}/${VSERVER_NAME} mount -t nfs
> > <myNFSserverIP>:/partage/nfs/pro /mnt/pro
>
> This 'chroot' makes you vulnerably against attacks from inside of the
> chroot (attacker can replace 'mount' (which runs in host-ctx) and can
> break out of the chroot).
>
You're right,
so :
cp -pf /bin/mount ${VSERVERS_ROOT}/${VSERVER_NAME}/bin/mount && chbind --ip
blablabla....
Matthieu