[Status Update] Capsicum adaptation project: Week 6
Ilya Bakulin
webmaster at kibab.com
Mon Jul 4 20:13:19 UTC 2011
Hi,
this is the fifth update for Capsicum adaptation project.
During last week I have discussed my syslogd(8) changes with Ben. He said that my way of modificatiion "looks suspiciously easy", and that we need to test if all unneeded privileges have been discarded. This requires switching to FreeBSD-capsicum branch from p4, which I haven't done yet. After this is done, I will be able to use modified procstat to examine process privileges. Ben also agrees that I should make such switch.
I was in Belarus the most time during this week, and visited LVEE'2011 conference there. During this conference I spoke to Alexey Cheusov from NetBSD project, who is doing similar security stuff at NetBSD now. We will likely discuss capsicum-related questions in the meantime.
This week I plan to:
1) Finally switch to p4 version of FreeBSD-capsicum (or even git tree, will dicuss with John & Robert);
2) Fix syslogd capsicumization by using procstat;
3) Try to modify ntpd and xz archiver. The latter shoud be relatively easy, because gzip has the same functionality and workflow, and it has also been adapted to use Capsicum;
ntpd is more complex thing.
4) Raise (finally!) an open discussion on hackers@ about next possible applications to pay attention to.
--
Regards,
Ilya Bakulin
http://kibab.com
xmpp://kibab612@jabber.ru
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/soc-status/attachments/20110704/d18ccafb/signature.pgp
More information about the soc-status
mailing list