Been a week (almost) and I haven't had any takers. Thought I'd repost...

Thx,

Josh

On Tue, 27 Jan 2004 01:02:19 -0600
Josh Trutwin <josh at trutwins.homeip.net> wrote:

> Hi list,
>
> I'm trying to set up a chroot jail for some of my students and I am providing a Java compiler for their development use since part of the class is programming Java. Due to a strange bug/feature in Java 1.4.2, java/javac/etc will not function without a /proc filesystem. (http://developer.java.sun.com/developer/bugParade/bugs/4861802.html - fixed for Solaris users)
>
> So, I made a /proc file system in their jail using:
>
> mount -t proc proc /usr/local/mychroot/proc
>
> A little bit of searching tells me that this is a security risk. Does anyone here know anything more about this? I saw somewhere googling that it is possible using a 2.4.x kernel to make a "more secure /proc filesystem" but they didn't say how. I suppose by providing a Java compiler I'm already making the chroot somewhat insecure.
>
> Does anyone have opinions on the security a chroot jail provides for login accounts? I've seen stuff like this on the web and it makes me a little antsy: http://www.bpfh.net/simes/computing/chroot-break.html but it's better than just giving full system access I guess.
>
> Also, do people make /dev in their chroots? If so, how?
>
> Thx,
>
> Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list