Hi list, I'm trying to setup a chroot jail for some of my students and I am providing a java compiler for their development use since part of the class is programming java. Due to a strange bug/feature in java 1.4.2, java/javac/etc will not function without a /proc filesystem. (http://developer.java.sun.com/developer/bugParade/bugs/4861802.html - fixed for Solaris users) So, I made a /proc file system in their jail using: mount -t proc proc /usr/local/mychroot/proc A little bit of searching tells me that this is a security risk. Does anyone here know anything more about this? I saw somewhere googling that it is possible using a 2.4.x kernel to make a "more secure /proc filesystem" but they didn't say how. I suppose by providing a java compiler I'm already making the chroot somewhat insecure. Does anyone have opinions on the security a chroot jail provides for login accounts? I've seen stuff like this on the web and it makes me a little antsy: http://www.bpfh.net/simes/computing/chroot-break.html but it's better than just giving full system access I guess. Also, do people make /dev in their chroots? If so, how? Thx, Josh _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list