Capsicum – Additional seasoning for FreeBSD

Hot and Spicy

Conclusions

The FreeBSD developers introduced the Capsicum security mechanism in FreeBSD 9. The full extent of Capsicum functionality will be available as of FreeBSD 10, and all security-critical system programs will then use the new framework. Some applications, such as Apache, might also be adapted to use the new FreeBSD environment. Some developers of GNUstep applications intend to modify them for FreeBSD Capsicum, and the KDE maintainers have announced their intent to implement Capsicum in KDE. It will be exciting to see what kinds of applications Capsicum supports in the future.

