Date: Tue, 05 Jul 2011 00:13:10 +0400 From: Ilya Bakulin <webmaster@kibab.com> To: soc-status@freebsd.org Cc: "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben Laurie <benl@google.com> Subject: [Status Update] Capsicum adaptation project: Week 6 Message-ID: <4E121ED6.6000103@kibab.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9888A1DC47D729B712A0CFFA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, this is the fifth update for Capsicum adaptation project. During last week I have discussed my syslogd(8) changes with Ben. He said= that my way of modificatiion "looks suspiciously easy", and that we need= to test if all unneeded privileges have been discarded. This requires sw= itching to FreeBSD-capsicum branch from p4, which I haven't done yet. Aft= er this is done, I will be able to use modified procstat to examine proce= ss privileges. Ben also agrees that I should make such switch. I was in Belarus the most time during this week, and visited LVEE'2011 co= nference there. During this conference I spoke to Alexey Cheusov from Net= BSD project, who is doing similar security stuff at NetBSD now. We will l= ikely discuss capsicum-related questions in the meantime. This week I plan to: 1) Finally switch to p4 version of FreeBSD-capsicum (or even git tree, wi= ll dicuss with John & Robert); 2) Fix syslogd capsicumization by using procstat; 3) Try to modify ntpd and xz archiver. The latter shoud be relatively eas= y, because gzip has the same functionality and workflow, and it has also = been adapted to use Capsicum; ntpd is more complex thing. 4) Raise (finally!) an open discussion on hackers@ about next possible ap= plications to pay attention to. --=20 Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru --------------enig9888A1DC47D729B712A0CFFA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4SHtoACgkQo9vlj1oadwhBawCeI5dZPWgM03BnuSc8+yX1mAzm p4gAoOZ7KUmd2bIFRjJaCgmEELDzq/oR =/ctq -----END PGP SIGNATURE----- --------------enig9888A1DC47D729B712A0CFFA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E121ED6.6000103>