Capsicum project: Ideas needed
Robert N. M. Watson
robert.watson at cl.cam.ac.uk
Fri Jul 8 20:58:22 UTC 2011
On 8 Jul 2011, at 19:08, Brian Reichert wrote:
> On Fri, Jul 08, 2011 at 07:42:12AM +0400, Ilya Bakulin wrote:
>> The question is: which applications should also be processed? I think
>> that the most wanted candidates are SUID programs and/or popular network
>> daemons.
>
> I propose 'man'; sneaky stuff can happen there....
>
> Dunno if that meshes with your focus on servers, though...
This seems like a perfect example of something that wants to be sandboxed, especially in a post-nroff mandoc world where a single C binary can be sandboxed.
Robert
More information about the freebsd-hackers
mailing list