Date: Tue, 05 Jul 2011 00:13:10 +0400 From: Ilya Bakulin <webmaster@kibab.com> To: soc-status@freebsd.org Cc: "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben Laurie <benl@google.com> Subject: [Status Update] Capsicum adaptation project: Week 6 Message-ID: <4E121ED6.6000103@kibab.com>
index | next in thread | raw e-mail
[-- Attachment #1 --] Hi, this is the fifth update for Capsicum adaptation project. During last week I have discussed my syslogd(8) changes with Ben. He said that my way of modificatiion "looks suspiciously easy", and that we need to test if all unneeded privileges have been discarded. This requires switching to FreeBSD-capsicum branch from p4, which I haven't done yet. After this is done, I will be able to use modified procstat to examine process privileges. Ben also agrees that I should make such switch. I was in Belarus the most time during this week, and visited LVEE'2011 conference there. During this conference I spoke to Alexey Cheusov from NetBSD project, who is doing similar security stuff at NetBSD now. We will likely discuss capsicum-related questions in the meantime. This week I plan to: 1) Finally switch to p4 version of FreeBSD-capsicum (or even git tree, will dicuss with John & Robert); 2) Fix syslogd capsicumization by using procstat; 3) Try to modify ntpd and xz archiver. The latter shoud be relatively easy, because gzip has the same functionality and workflow, and it has also been adapted to use Capsicum; ntpd is more complex thing. 4) Raise (finally!) an open discussion on hackers@ about next possible applications to pay attention to. -- Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4SHtoACgkQo9vlj1oadwhBawCeI5dZPWgM03BnuSc8+yX1mAzm p4gAoOZ7KUmd2bIFRjJaCgmEELDzq/oR =/ctq -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E121ED6.6000103>