[FreeBSD-Announce] FreeBSD Foundation Announces Capsicum Framework Project

[Deb Goodkin]

Dear FreeBSD Community,

The FreeBSD Foundation is pleased to announce that Pawel Jakub Dawidek has
been awarded a development grant to further improve the Capsicum framework.
The grant is jointly funded by Google's Open Source Programs Office.

The project includes the integration of previous work, implementation of
new programmer-friendly capability system calls, improvements to the Casper
Capsicum service daemon, and sandboxing various security-sensitive
applications.

"My previous Capsicum work focused on improving the framework itself to
make it a better fit for real world applications. This new project will
make use of the improved Capsicum to secure sensitive programs and
libraries found in FreeBSD.  The project will also produce many examples
for others to follow, allowing them to take advantage of Capsicum to
improve the security of their programs," said Pawel.

Ben Laurie, of Google's security team, added that "traditional operating
system security is based on Access Control Lists (ACLs).  Decades of
experience has made it quite clear this is the wrong model - but how can we
move to a better way without having to rebuild everything?  Capsicum shows
that it is possible to migrate gradually from the broken ACL world to a more
robust capability based world.  We are pleased to be involved in the next
step of its evolution."

The project is expected to be completed by June 2013.

The FreeBSD Foundation