Been a week (almost) and I haven't had any takers.  Thought I'd repost...

Thx,

Josh

On Tue, 27 Jan 2004 01:02:19 -0600
Josh Trutwin <josh at trutwins.homeip.net> wrote:

> Hi list,
> 
> I'm trying to set up a chroot jail for some of my students, and I am providing a Java compiler for their development use since part of the class is programming Java. Due to a strange bug/feature in Java 1.4.2, java/javac/etc. will not function without a /proc filesystem. (http://developer.java.sun.com/developer/bugParade/bugs/4861802.html - fixed for Solaris users)
> 
> So, I made a /proc file system in their jail using:
> 
> mount -t proc proc /usr/local/mychroot/proc
> 
> A little bit of searching tells me that this is a security risk. Does anyone here know anything more about this? I saw somewhere while googling that it is possible using a 2.4.x kernel to make a "more secure /proc filesystem" but they didn't say how. I suppose by providing a java compiler I'm already making the chroot somewhat insecure.
> 
> Does anyone have opinions on the security a chroot jail provides for login accounts?  I've seen stuff like this on the web and it makes me a little antsy: http://www.bpfh.net/simes/computing/chroot-break.html but it's better than just giving full system access I guess.
> 
> Also, do people make /dev in their chroots?  If so, how?
> 
> Thx,
> 
> Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
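
An added example, not part of the original post: a shell function that reads a mount table in the /proc/mounts layout and reports what is mounted at or below a jail root such as the /usr/local/mychroot path used above, flagging proc mounts and mounts without the nosuid or nodev options. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what is mounted beneath a chroot jail root.
# Input layout (as in /proc/mounts): device mountpoint fstype options dump pass

audit_jail_mounts() {
    # $1 = jail root; the mount table is read from standard input.
    awk -v root="$1" '
        BEGIN { sub(/\/+$/, "", root) }   # tolerate a trailing slash on the root
        # Keep only mount points at or below the jail root. Comparing against
        # root "/" stops /usr/local/mychroot2 matching /usr/local/mychroot.
        $2 != root && index($2, root "/") != 1 { next }
        {
            opts = "," $4 ","
            if ($3 == "proc")       print "PROC " $2        # host /proc visible in jail
            if (opts !~ /,nosuid,/) print "NO_NOSUID " $2   # setuid bits honoured here
            if (opts !~ /,nodev,/)  print "NO_NODEV " $2    # device nodes usable here
        }
    '
}

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
proc /usr/local/mychroot/proc proc rw 0 0
/dev/hda3 /usr/local/mychroot/home ext3 rw,nosuid,nodev 0 0
/dev/hda5 /usr/local/mychroot2 ext3 rw 0 0
EOF
}

# Report on the sample table; on a live system use:
#   audit_jail_mounts /usr/local/mychroot < /proc/mounts
sample_mounts | audit_jail_mounts /usr/local/mychroot
```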