cpu and exportfs accept a pattern file (-P) option. with this, you can make cpu export only the namespace parts that you want to give the cpu server access to.
the difficulty lies in how to decide what you want to export and still keep cpu usefull. if you really assume a compromized cpu server, then you cant really export anything but /dev/cons. (and even then, he can trick you and make the cpu session look like it errored out, but you'r really on the cpu server and he will then try to capture your keystrokes to get the password). i would be interested to hear from someone who thought about this and made up some good conventions that work. for now, i would suggest not to cpu into machines that you do not trust. but its hard to know who you can trust and even then, machines might have been hacked without the knowledge of the owner. -- cinap
