Date: Sat, 18 Apr 2015 13:00:14 +1000
Subject: Re: CloudABI: Taking capability-based security to the next level?
From: Outback Dingo
To: Ed Schouten
Cc: hackers@freebsd.org

On Fri, Apr 17, 2015 at 1:32 AM, Ed Schouten wrote:

> Hello fellow FreeBSD hackers,
>
> If you are planning on attending BSDCan this year, you may have
> noticed that I am going to give a talk on something mysterious called
> CloudABI[1]. I thought it would make sense to also announce its
> availability here before the conference.
>
> Before you read the announcement below, I would like to invite you to
> read a manifesto on capability-based security that I wrote. This
> document tries to explain the necessity for a system like CloudABI.
>
>
> https://docs.google.com/a/nuxi.nl/document/d/1tW_4CDRuy7HZSkUd6AcDccga_efuIx6ZoyNV9ZLXbJ8/edit
>
> # What is CloudABI?
>
> CloudABI is an alternative POSIX-like runtime environment that is
> purely based on the principles behind Capsicum. It can be used to
> design complex applications that behave correctly in an environment
> that enforces capability-based security. CloudABI executables can be
> executed in such a way that they expose as little as possible about the
> host operating system, making it perfectly suitable as a building
> block for a safe and secure cluster/cloud computing setup. It could
> also be used to add support for untrusted plugins and extensions to
> existing applications (like Google's Native Client, but not tied to a
> browser).
>
> Compared to FreeBSD's binary interface, CloudABI is extremely compact
> (~60 system calls). The idea behind this is that adding support for
> CloudABI to existing operating systems should not be hard. An
> implementation for FreeBSD exists and support for Linux is planned.
> The intent is that binaries can be executed on multiple operating
> systems without requiring any recompilation.
>
> Support for CloudABI has already been upstreamed to LLVM/Clang and
> Binutils. It is therefore very easy to build and install a cross
> compiler for CloudABI. Cross compilation has already been tested to
> work on Linux, FreeBSD and Mac OS X.
>
> CloudABI ships with a C library called cloudlibc. This C library has
> been designed in such a way that it works reliably in a sandboxed
> environment. Features that are known to break when using Capsicum on
> FreeBSD (timezones, locales) still work properly with cloudlibc.
> cloudlibc has high testing coverage. This high testing coverage will
> also play a crucial role in ensuring that operating systems implement
> support for CloudABI consistently.
>
> All of CloudABI is and will remain MIT/BSD licensed. The code can be
> found on GitHub:
>
> cloudlibc: https://github.com/NuxiNL/cloudlibc
> FreeBSD kernel modifications: https://github.com/NuxiNL/freebsd
>
> CloudABI has been developed by Nuxi, a company that I founded last
> year. Nuxi plans on offering commercial support on CloudABI and its
> components. Interested in hearing how CloudABI can make your product
> more secure? Please get in touch at info@nuxi.nl to see if there's
> anything we can do to help out!
>
> # Where to go from here?
>
> My goal is to present CloudABI at BSDCan and discuss all the fine
> details with anyone who is interested. Does the idea behind CloudABI
> sound appealing to you? Can you think of killer use cases? Be sure to
> talk to me at the conference. If you won't be attending BSDCan this
> year: no problem! Emails are also appreciated.
>
> In my opinion it would make sense to have support for CloudABI
> integrated into FreeBSD by the time the kernel module becomes more
> mature. Expect to see more discussions on the mailing lists by the
> time that happens.
>
> In the meantime, be sure to give CloudABI a try and let us know what
> you think. Instructions on how to obtain a toolchain and patch up your
> FreeBSD kernel are provided on cloudlibc's GitHub page. We'd love to
> hear your opinion!
>
> Thanks,
>

Looks good but a patch would have probably been better for users looking
to backport to say 10.1, or apply to a more recent current and help to
track progress. In the meantime, I'll take a look at what's there.

> --
> Ed Schouten
>
> [1] CloudABI at BSDCan:
> http://www.bsdcan.org/2015/schedule/events/524.en.html