alt Hacker NewsNo, I mean do you run FreeBSD boxes where users who should not ever assume root access actually login to do tasks?
My point is that if you do, you probably shouldn't run, for e.g applications which need production db credential, or hold sensitive data on these boxes, or .. whatever.
Edit: I use FreeBSD extensively, for various things -- but shell access to them is restricted to the sysadmins..
Replies
Also statements like this one - TBH -- I don't have any of these kinds of boxes anymore. Who is really running anything like this in 2026 and for what purpose?
Does not convey what your clarification attemps to state.
I mean, where I work we offer machines to external users where they have shell access to be able to do their science, but I don't want them to have root access. Other institutes we work with (like supercomputer networks, etc) give us/users non-root access.
When things like CVE-2026-31431 or the bug that this thread is about affect our systems it causes a big headache. Yeah, we firewall off what we _can_ by having different machines doing critical things versus the ones where science users have code execution, but we don't have the resources to give every user their own machine.
Hard to tell about FreeBSD, it's basically extincted, but think of webhosting servers, wordpress, cPanel/Plesk and alike.
often it's ssh'able with things like rbash and other restrictions and almost always you, well, can run something there (as you can edit php/other files right from web management ui).
Hordes of this (in Linux world).
No. And hosting providers I have used usually use VM isolation (QEMU/etc) for the VPS type instances they allocate to users. The VM is vulnerable if it happens to have a kernel compiled such that allows this vuln.