On Thu, Mar 6, 2014 at 1:55 AM, Jason Hellenthal <[email protected]>wrote: > I would also add . . . separate ssh keys and passwords if the user needs > access to both host and jailed systems. This is just common practice and > not a security flaw by any means but an engineering oversight. > > Popsicle sticks also have a security flaw, they let you jab yourself in > the throat if you fall while sucking on them. Solution . . . sit down. One can also use vnet (VIMAGE kernel option) in conjunction with jails to give each jail its own full TCP/IP stack, rather than sharing the TCP/IP stack with the host. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"