Capsicum project: Ideas needed

Gleb Kurtsou gleb.kurtsou at gmail.com
Sat Jul 9 22:22:38 UTC 2011


On (09/07/2011 15:54), Gabor Kovesdan wrote:
> Em 08-07-2011 13:23, Ivan Voras escreveu:
> > On 08/07/2011 05:42, Ilya Bakulin wrote:
> >> Hi hackers,
> >> As a part of ongoing effort to enhance usage of Capsicum in FreeBSD base
> >> system, I want to ask you, which applications in the base system should
> >> receive sandboxing support.
> >
> > How about a small description what sandboxing can bring to applications?
> >
> > I'm browsing the documents at 
> > http://www.cl.cam.ac.uk/research/security/capsicum/documentation.html 
> > but it looks like it still mostly describes the generic framework 
> > rather than what you can do with it. From it, it looks like you can 
> > set limits on file handle operations (e.g. lc_limitfd(STDOUT_FILENO, 
> > CAP_FSTAT | CAP_SEEK | CAP_WRITE)), but what else?
> Yes, I've been reading the thread and I don't know either what the 
> deliverables of a Capsicum sandbox are.
> 
> Anyway, consider sendmail and BIND. I think these are important enough 
> to get some more protection.
Both sendmail and bind are very complicated pieces of software. I think
it would be necessary to split them up into several independent daemons
first and then place each into a capsicum sandbox. Privilege separation
makes sshd a better candidate here (sshd is already sandboxed).

I'd really like to see lwresd sandboxed and enabled by default, ntpdate
may also be a good candidate but it's not that important.

> 
> Gabor


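The pattern Gleb describes above (split the daemon, have a privileged part open every resource up front, then drop the worker that parses untrusted input into a Capsicum sandbox), shown as an added C example that is not part of the thread. It assumes the current FreeBSD interface, cap_rights_init(3), cap_rights_limit(2) and cap_enter(2), rather than the lc_limitfd() call from the research prototype quoted earlier; the function names count_lines_sandboxed(), enter_sandbox() and worker() are this example's own, and because Capsicum is FreeBSD-only the sandbox step compiles to a no-op elsewhere so the surrounding privilege-separation structure can still be run and tested.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_rights_init(3), cap_rights_limit(2), cap_enter(2) */
#endif

/* Restrict the worker's two descriptors to the rights it actually needs,
 * then enter capability mode. After cap_enter() the process can no longer
 * open files, connect sockets or otherwise reach global namespaces; it can
 * only use descriptors it already holds, within the rights set here.
 * Assumption: Capsicum is FreeBSD-only, so on other hosts this is a no-op. */
static int enter_sandbox(int in_fd, int out_fd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    if (cap_rights_limit(in_fd, cap_rights_init(&rights, CAP_READ, CAP_FSTAT)) == -1)
        return -1;
    if (cap_rights_limit(out_fd, cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT)) == -1)
        return -1;
    if (cap_enter() == -1 && errno != ENOSYS)   /* ENOSYS: kernel built without Capsicum */
        return -1;
#else
    (void)in_fd;
    (void)out_fd;
#endif
    return 0;
}

/* The untrusted work: parse attacker-controlled bytes. Here it only counts
 * newline-terminated lines and reports the total on out_fd. A bug in this
 * code yields a process that holds two pipe ends and nothing else. */
static void worker(int in_fd, int out_fd)
{
    char buf[512], reply[64];
    ssize_t n;
    long lines = 0;

    while ((n = read(in_fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n')
                lines++;

    int len = snprintf(reply, sizeof reply, "lines=%ld\n", lines);
    if (len > 0)
        (void)write(out_fd, reply, (size_t)len);
}

/* Privileged parent: create the channels, fork, and let the child do all
 * parsing inside the sandbox. Returns the child's line count, or -1 on error. */
int count_lines_sandboxed(const char *input)
{
    int to_child[2], from_child[2];
    if (pipe(to_child) == -1 || pipe(from_child) == -1)
        return -1;

    pid_t pid = fork();
    if (pid == -1)
        return -1;

    if (pid == 0) {                     /* child: keep only its two pipe ends */
        close(to_child[1]);
        close(from_child[0]);
        if (enter_sandbox(to_child[0], from_child[1]) == -1)
            _exit(2);
        worker(to_child[0], from_child[1]);
        _exit(0);
    }

    /* parent: feed the input, then collect the result */
    close(to_child[0]);
    close(from_child[1]);
    size_t len = strlen(input);         /* assumes the input fits in the pipe buffer */
    if (write(to_child[1], input, len) != (ssize_t)len)
        return -1;
    close(to_child[1]);                 /* EOF tells the worker it has everything */

    char reply[64] = {0};
    ssize_t got = read(from_child[0], reply, sizeof reply - 1);
    close(from_child[0]);

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;

    long lines;
    if (got <= 0 || sscanf(reply, "lines=%ld", &lines) != 1)
        return -1;
    return (int)lines;
}

int main(void)
{
    /* constructed sample input: three newline-terminated lines */
    printf("%d\n", count_lines_sandboxed("GET / HTTP/1.0\nHost: example\n\n"));
    return 0;
}
```

The parent never parses the input itself; everything that touches untrusted bytes runs after enter_sandbox(), which is the point of splitting first and sandboxing second. On FreeBSD, adding an open(2) call inside worker() after cap_enter() fails with ECAPMODE, which is a quick way to confirm the sandbox is active.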