this cannot be correct as the in-jail bin/freebsd-version can be an arbitrary file, in particular something malicious planted by jailed root

the current approach of doing jexec is already dodgy as it can for example decide to hold up execution by stalling indefinitely

non-jailed exec is straight up privilege escalation