From owner-freebsd-questions@freebsd.org  Wed Sep  2 21:41:04 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D73E59C84E9
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed,  2 Sep 2015 21:41:04 +0000 (UTC)
 (envelope-from amvandemore@gmail.com)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com
 [IPv6:2a00:1450:400c:c05::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7067BBFE
 for <freebsd-questions@freebsd.org>; Wed,  2 Sep 2015 21:41:04 +0000 (UTC)
 (envelope-from amvandemore@gmail.com)
Received: by wicge5 with SMTP id ge5so54579352wic.0
 for <freebsd-questions@freebsd.org>; Wed, 02 Sep 2015 14:41:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=lTeUeZJDW4Y1YtqtxRuV4EGz5mdxWcr4VyKoTnU/qcc=;
 b=dF0KApmp2ZUVw1tvNf8xP50K+V+eZZxFlXkuuTJGc1ecLQX6+rFcgbiSYIOUrx8xc1
 4MbYStHcKzv3qPm+NQd8JKG92IQ0Wzpl8NDl1WXJ9zLIYRysS94KjjPwSE6Jwe2elc+M
 CSorEwibNUHPvHt1ewAftNIAH9e1EohRtRLsNTpSIM4JYNvACJZAatK0Qvn2lWtVTMt2
 QPxy0WP4tjX+sbtEMTlhi61NMtMy/X7Jd49gFXATdbNXoW1XydQxVEVHEyr/NVYCUTeB
 lQip32Me9DflKPyVcQ4SISu3yi/DjseRPpkW51EQLNY0h6+X8u7lgp+G1grA/ZMk2E2b
 g9cQ==
MIME-Version: 1.0
X-Received: by 10.180.105.74 with SMTP id gk10mr7259469wib.92.1441230062822;
 Wed, 02 Sep 2015 14:41:02 -0700 (PDT)
Received: by 10.194.67.5 with HTTP; Wed, 2 Sep 2015 14:41:02 -0700 (PDT)
In-Reply-To: <55E7526D.5040101@kulturflatrate.net>
References: <55E6E26A.1040706@kulturflatrate.net>
 <CA+tpaK1UVW5in1JUfoKwZuO=_ACTHx_xCPy0zWO1_NL1s9Wzmw@mail.gmail.com>
 <55E704D4.2050607@kulturflatrate.net>
 <CA+tpaK0Yh3KEcOtTXx0Aco1dGiGWCw=t0LYOnGVyrMo33BLzMw@mail.gmail.com>
 <55E7526D.5040101@kulturflatrate.net>
Date: Wed, 2 Sep 2015 16:41:02 -0500
Message-ID: <CA+tpaK1qhEO1yWa2jEmh1xziXutgAnTKC03Bk5fsJsdit7khgg@mail.gmail.com>
Subject: Re: Jail causes host to reboot
From: Adam Vande More <amvandemore@gmail.com>
To: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 21:41:05 -0000

On Wed, Sep 2, 2015 at 2:47 PM, Niklaas Baudet von Gersdorff <
niklaas@kulturflatrate.net> wrote:

> On 02/09/15 17:11, Adam Vande More wrote:
>
> > Yes, depending on configuration.  It's trivial to make a jail insecure.
> > The trick is to make a jail secure and fully functional for your needs.
>
> Can you recommend resources that further explicates how to secure jails?
> I am very interested in this but lack "ideas" on how to attack a system
> so that I could make it more secure. I'd be happy about any internet
> resource, book or article.
>

The best resource I can think is the FreeBSD bugzilla which contains the
jail security advisories and related fixes.

-- 
Adam