misc/187307: Security vulnerability with FreeBSD Jail
Shawn Webb
lattera at gmail.com
Thu Mar 6 14:10:34 UTC 2014
On Thu, Mar 6, 2014 at 1:55 AM, Jason Hellenthal <jhellenthal at dataix.net>wrote:
> I would also add . . . separate ssh keys and passwords if the user needs
> access to both host and jailed systems. This is just common practice and
> not a security flaw by any means but an engineering oversight.
>
> Popsicle sticks also have a security flaw, they let you jab yourself in
> the throat if you fall while sucking on them. Solution . . . sit down.
One can also use vnet (VIMAGE kernel option) in conjunction with jails to
give each jail its own full TCP/IP stack, rather than sharing the TCP/IP
stack with the host.
More information about the freebsd-security
mailing list