Date: Thu, 8 Sep 2011 03:15:18 -0700
From: Stanislav Sedov
To: "Ilya Bakulin"
Cc: Matt, freebsd-hackers@freebsd.org, "Robert N. M. Watson", Jonathan Anderson, Ben Laurie
Subject: Re: Capsicum project: Ideas needed
Organization: The FreeBSD Project
Message-Id: <20110908031518.481d8a78.stas@FreeBSD.org>
In-Reply-To: <2c9d3cc8a0b85313f55f53ca573af81a.squirrel@zugang.kibab.com>
References: <4E167C94.70300@kibab.com> <4E1685D8.403@gmail.com> <2c9d3cc8a0b85313f55f53ca573af81a.squirrel@zugang.kibab.com>

On Fri, 8 Jul 2011 15:09:52 +0400
"Ilya Bakulin" mentioned:

> [CCing Ben, Robert and Jonathan as it's very important for me to receive
> their feedback about my thoughts]
>
> Let me focus on those application ideas that you've mentioned. All the
> following are my thoughts and this may be incorrect, in this case please
> correct me.
>
> > -any server software
> Yes, server software is a good candidate for bringing cap.mode in. Though
> this applies to servers that do not include in-process support for
> interpreters (ie Apache + mod_php), see later why. Such software as nginx,
> lighttpd is OK. Speaking about base system components, this list includes
> inetd daemons (but modification of inetd itself is NOT sufficient and
> ineffective, capability support implies modifying code of daemons)

I would also suggest our Heimdal Kerberos implementation as it performs
a lot of non-trivial ASN.1 and GSSAPI decapsulation/encapsulation when
processing packets and we saw a lot of vulnerabilities in the past in
these areas. Unfortunately, Heimdal will probably be too large to break
into compartments.

--
Stanislav Sedov
ST4096-RIPE

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments