Hi list,

I'm trying to setup a chroot jail for some of my students and I am providing a java compiler for their development use since part of the class is programming java.  Due to a strange bug/feature in java 1.4.2, java/javac/etc will not function without a /proc filesystem. (http://developer.java.sun.com/developer/bugParade/bugs/4861802.html - fixed for Solaris users)

So, I made a /proc file system in their jail using:

mount -t proc proc /usr/local/mychroot/proc

A little bit of searching tells me that this is a security risk.  Does anyone here know anything more about this?  I saw somewhere googling that it is possible using a 2.4.x kernel to make a "more secure /proc filesystem" but they didn't say how.  I suppose by providing a java compiler I'm already making the chroot somewhat insecure.  

Does anyone have opinions on the security a chroot jail provides for login accounts?  I've seen stuff like this on the web and it makes me a little antsy: http://www.bpfh.net/simes/computing/chroot-break.html but it's better than just giving full system access I guess.

Also, do people make /dev in their chroots?  If so, how?

Thx,

Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list