[FreeBSD-Announce] Foundation Announces Capsicum Project!
deb at freebsdfoundation.org
Mon Jun 18 17:33:55 UTC 2012
Dear FreeBSD Community,
The FreeBSD Foundation is pleased to announce that Pawel Jakub
Dawidek has been awarded a grant to develop a comprehensive
userspace framework for writing Capsicum-based applications,
building on the kernel features originally developed by the University
of Cambridge and Google Research.
This framework will include a Capsicum runtime linker and component
library providing sandboxed versions of key higher-level system libraries.
Components will both be sandboxed, improving resistance to vulnerabilities,
and also easily available for delegation to sandboxed applications, such
as the Chromium web browser. The prototype libcapsicum developed by
Cambridge will be analyzed and updated based on lessons learned in
implementing Capsicumised software packages, such as hastd and auditdistd.
Funding for this project will be provided by the FreeBSD Foundation matched
100% by the Google Open Source Program Office, in support of open source
technology transition of Capsicum.
"A continuing challenge in security is to find solutions that not only
fix the problems but also can be applied to existing technologies:
attractive though the notion is, we are not going to persuade the
world to rewrite everything! This is why we at Google are pleased and
excited to support the continuing development of Capsicum, which
radically improves the security of UNIX based systems whilst allowing
a continuous migration path from today's mechanisms to tomorrow's,"
said Ben Laurie, Google Senior Staff Software Engineer.
"I'm very excited to be able to work on Capsicum. Some of my software is
using Capsicum, so I'm fully aware of the great potential of this
This technology is so much superior than the current attempts to provide
sandboxing using tools like chroot(2) or unprivileged user credentials.
No matter how corny it sounds, I strongly believe Capsicum can make the
Internet a safer place." said Pawel.
This project will conclude in August, 2012
The FreeBSD Foundation
More information about the freebsd-announce