undefined | Better HN

0 pointscyberpunk13h ago0 comments

Yep.

You should treat any system where non-admins regularly login as basically insecure/owned and rig your architecture appropriately.

TBH -- I don't have any of these kinds of boxes anymore. Who is really running anything like this in 2026 and for what purpose?

0 comments

mrln12h ago

Not necessarily FreeBSD, but for Linux this applies to most universities with a CS program, I think.

The systems should be cut off from sensitive administrative data, but a malicious student would at the very least have access to the other students' data with an LPE.

bch12h ago

>> monolith kernel written in C

> Who is really running anything like this in 2026 and for what purpose?

Am I parsing your question correctly?

cyberpunkOP12h ago

No, I worded it badly. See below.

jmspring12h ago

Stability of ecosystem. No systemd. Native ZFS. Jails over Docker. Been using it for 20+ years and it’s my preferred server OS.

cyberpunkOP12h ago

No, I mean do you run FreeBSD boxes where users who should not ever assume root access actually login to do tasks?

My point is that if you do, you probably shouldn't run, for e.g applications which need production db credential, or hold sensitive data on these boxes, or .. whatever.

Edit: I use FreeBSD extensively, for various things -- but shell access to them is restricted to the sysadmins..

CoolCold5h ago

Hard to tell about FreeBSD, it's basically extincted, but think of webhosting servers, wordpress, cPanel/Plesk and alike.

often it's ssh'able with things like rbash and other restrictions and almost always you, well, can run something there (as you can edit php/other files right from web management ui).

Hordes of this (in Linux world).

icedchai12h ago

Same. I've been using it since 1996. Initially, we used it at an early ISP for DNS, SMTP, and POP3 for roughly 8K users, and it stuck with me.

tick_tock_tick6h ago

Free root for anyone for over 20 years too.

j / k navigate · click thread line to collapse

0 comments

mrln12h ago

Not necessarily FreeBSD, but for Linux this applies to most universities with a CS program, I think.

The systems should be cut off from sensitive administrative data, but a malicious student would at the very least have access to the other students' data with an LPE.

bch12h ago

>> monolith kernel written in C

> Who is really running anything like this in 2026 and for what purpose?

Am I parsing your question correctly?

cyberpunkOP12h ago

No, I worded it badly. See below.

jmspring12h ago

Stability of ecosystem. No systemd. Native ZFS. Jails over Docker. Been using it for 20+ years and it’s my preferred server OS.

cyberpunkOP12h ago

No, I mean do you run FreeBSD boxes where users who should not ever assume root access actually login to do tasks?

My point is that if you do, you probably shouldn't run, for e.g applications which need production db credential, or hold sensitive data on these boxes, or .. whatever.

Edit: I use FreeBSD extensively, for various things -- but shell access to them is restricted to the sysadmins..

CoolCold5h ago

Hard to tell about FreeBSD, it's basically extincted, but think of webhosting servers, wordpress, cPanel/Plesk and alike.

often it's ssh'able with things like rbash and other restrictions and almost always you, well, can run something there (as you can edit php/other files right from web management ui).

Hordes of this (in Linux world).

icedchai12h ago

Same. I've been using it since 1996. Initially, we used it at an early ISP for DNS, SMTP, and POP3 for roughly 8K users, and it stuck with me.

tick_tock_tick6h ago

Free root for anyone for over 20 years too.

j / k navigate · click thread line to collapse