Hacker News

elcritch yesterday at 6:10 PM

> 50 distinct issues? That's devastating. If these researchers found 50 issues, we all know there's more than 50 issues in the codebase.

That's rough, but for a systematic search of a large system it seems reasonable. There's a good chance that these 50 represent most of the "easy" vulnerabilities if the researchers did a thorough job. In a way it seems more likely than if they found a smaller number.


Replies

msmitty yesterday at 6:24 PM

That’s a fair take, yes. Ilja said that the entire subsystem for Linux on FreeBSD is also jail aware, but he didn’t even begin to look into that.

His process is briefly touched on in the talk. If I understood correctly he compiled a list of the most common jail privilege flags that exist and then searched the FreeBSD source code for those, investigating the code in those places. No automated tooling was used, this was just done by reading the source code. Which Ilja has been doing as “light bed time reading” :p for as long as I’ve known him (25+ years).