FreeBSD 15.0’s composable design, jail security analysis, and Intel hardware upgrade challenges and more.
Releases
No releases.
BSDSec
No security announcements. As always, it’s worth following BSDSec. RSS feed available.
News
Valuable News – 2026/01/05: The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX/BSD/Linux ecosystems while occasionally covering broader tech topics. This edition highlights FreeBSD 15.0’s composable design, OpenBSD’s kernel driver challenges, and a security analysis of FreeBSD jails presented at 39C3. Additional coverage spans FFmpeg’s DMCA filing against Rockchip, Wayland adoption in 2026, and tools like WebZFS for ZFS management.
Escaping FreeBSD Jails: Security Analysis and Exploit Techniques: This presentation examines the robustness of FreeBSD’s jail mechanism, a long-standing OS-level isolation feature used in hosting environments and security sandboxes. Researchers conducted a comprehensive audit of kernel code accessible from within jails, uncovering approximately 50 vulnerabilities across various subsystems, including memory safety issues, race conditions, and logic flaws. The talk demonstrates proof-of-concept exploits that achieve jail escapes, highlighting systemic challenges in maintaining strict isolation within complex kernel codebases. Findings were responsibly disclosed to FreeBSD’s security team, with ongoing collaboration on fixes. The discussion extends to broader lessons for container security and recommendations for hardening FreeBSD’s jail subsystem against evolving threats.
Tutorials
FreeBSD 14-to-15 upgrade on Intel hardware: A detailed account outlines the non-standard process of upgrading a Slimbook Base 14 laptop with Intel i5-10210U and Comet Lake GPU from FreeBSD 14 to 15, emphasizing unconventional methods due to ZFS feature incompatibilities and outdated system files. The upgrade involved manually replacing kernel and base components, forcing system file overwrites, and handling missing libraries by copying from a pre-built 15.0 environment. Post-upgrade steps included package management updates, KDE Plasma Wayland installation, and Intel graphics driver configuration, all while noting the instability of such an approach. The process contrasts with a prior AMD-based upgrade, highlighting hardware-specific hurdles and the necessity of manual intervention when automated tools fail. The end result achieved the goal of a functional KDE Plasma Wayland session on FreeBSD 15.
FreeBSD Home NAS setup with ZFS mirror (RAID1): This guide details the process of configuring a FreeBSD-based home NAS using ZFS mirroring (RAID1) in a virtualized environment. It begins with installing FreeBSD 14.3 via SSH using the bsdinstall utility, including disk partitioning for UFS root, swap, and boot partitions. The setup then proceeds to create a ZFS mirror pool from two virtual disks, enabling compression and configuring automatic mounting. The article also covers basic security hardening, network configuration, and system service management. The approach emphasizes manual configuration over pre-packaged solutions like TrueNAS, providing a foundation for further NAS customization. The process is documented with step-by-step commands and screenshots for clarity.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!