« Previous 1 2 3
Capsicum – Additional seasoning for FreeBSD
Hot and Spicy
Conclusions
FreeBSD 9 developers introduced the Capsicum security mechanism. The full extent of Capsicum functionality will be available as of FreeBSD 10. All safety-critical system programs will then use the new framework. Also, some applications, such as Apache, might be adapted to use the new FreeBSD environment. Some developers of GNUstep applications also intend to modify them for FreeBSD Capsicum. The KDE maintainers have announced their intent to implement Capsicum in KDE. It will be exciting to see what kind of interesting applications Capsicum supports in the future.
Infos
- "Introducing Capsicum: Practical Capabilities for UNIX" by Robert N.M. Watson et al., ;login , December 2010: https://www.usenix.org/publications/login/december-2010-volume-35-number-6/introducing-capsicum-practical-capabilities-unix
- Capsicum permissions: http://www.dankoweit.de/FreeBSD/hp_freebsd_capsicum_capabilities.html
- Man pages for capsicum(4), cap_enter(2), cap_new(2)
- rwhod (BSD license): http://svnweb.freebsd.org/base/head/usr.sbin/rwhod/rwhod.c?revision=252605&view=markup
- Compartmentalization (r252603): http://lists.freebsd.org/pipermail/svn-src-head/2013-July/049115.html
- Setting Capsicum flags (r252605): http://lists.freebsd.org/pipermail/svn-src-head/2013-July/049116.html
- Complete source code of tcpdump (BSD license): http://p4db.freebsd.org/fileDownLoad.cgi?FSPC=//depot/user/pjd/capsicum/contrib/tcpdump/tcpdump.c&REV=17
- "Comparison of Sandboxing Technologies" by Robert N.M. Watson et al., University of Cambridge, pg. 11: http://www.cl.cam.ac.uk/~jra40/publications/2010/USENIXSEC-capsicum.pdf
« Previous 1 2 3
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.