From owner-soc-status@FreeBSD.ORG Mon Jul 4 20:13:19 2011 Return-Path: Delivered-To: soc-status@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 50EEA1065677 for ; Mon, 4 Jul 2011 20:13:19 +0000 (UTC) (envelope-from webmaster@kibab.com) Received: from mx0.deglitch.com (cl-414.sto-01.se.sixxs.net [IPv6:2001:16d8:ff00:19d::2]) by mx1.freebsd.org (Postfix) with ESMTP id F423D8FC23 for ; Mon, 4 Jul 2011 20:13:18 +0000 (UTC) Received: from kibab-darwin.local (95-24-141-10.broadband.corbina.ru [95.24.141.10]) by mx0.deglitch.com (Postfix) with ESMTPSA id A53C48FC36; Tue, 5 Jul 2011 00:13:15 +0400 (MSD) Message-ID: <4E121ED6.6000103@kibab.com> Date: Tue, 05 Jul 2011 00:13:10 +0400 From: Ilya Bakulin User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; ru; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 MIME-Version: 1.0 To: soc-status@freebsd.org X-Enigmail-Version: 1.1.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig9888A1DC47D729B712A0CFFA" Cc: "Robert N. M. Watson" , Jonathan Anderson , Ben Laurie Subject: [Status Update] Capsicum adaptation project: Week 6 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jul 2011 20:13:19 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9888A1DC47D729B712A0CFFA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, this is the fifth update for Capsicum adaptation project. During last week I have discussed my syslogd(8) changes with Ben. He said= that my way of modificatiion "looks suspiciously easy", and that we need= to test if all unneeded privileges have been discarded. This requires sw= itching to FreeBSD-capsicum branch from p4, which I haven't done yet. Aft= er this is done, I will be able to use modified procstat to examine proce= ss privileges. Ben also agrees that I should make such switch. I was in Belarus the most time during this week, and visited LVEE'2011 co= nference there. During this conference I spoke to Alexey Cheusov from Net= BSD project, who is doing similar security stuff at NetBSD now. We will l= ikely discuss capsicum-related questions in the meantime. This week I plan to: 1) Finally switch to p4 version of FreeBSD-capsicum (or even git tree, wi= ll dicuss with John & Robert); 2) Fix syslogd capsicumization by using procstat; 3) Try to modify ntpd and xz archiver. The latter shoud be relatively eas= y, because gzip has the same functionality and workflow, and it has also = been adapted to use Capsicum; ntpd is more complex thing. 4) Raise (finally!) an open discussion on hackers@ about next possible ap= plications to pay attention to. --=20 Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru --------------enig9888A1DC47D729B712A0CFFA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4SHtoACgkQo9vlj1oadwhBawCeI5dZPWgM03BnuSc8+yX1mAzm p4gAoOZ7KUmd2bIFRjJaCgmEELDzq/oR =/ctq -----END PGP SIGNATURE----- --------------enig9888A1DC47D729B712A0CFFA--