On Thu, Mar 6, 2014 at 1:55 AM, Jason Hellenthal <jhellenthal@dataix.net>wrote: > I would also add . . . separate ssh keys and passwords if the user needs > access to both host and jailed systems. This is just common practice and > not a security flaw by any means but an engineering oversight. > > Popsicle sticks also have a security flaw, they let you jab yourself in > the throat if you fall while sucking on them. Solution . . . sit down. One can also use vnet (VIMAGE kernel option) in conjunction with jails to give each jail its own full TCP/IP stack, rather than sharing the TCP/IP stack with the host. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"