Date: Wed, 26 Oct 2016 00:38:28 +0000 (UTC) From: Benjamin Kaduk <bjk@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r49584 - head/en_US.ISO8859-1/htdocs/news/status Message-ID: <201610260038.u9Q0cSEA046241@repo.freebsd.org>
Author: bjk Date: Wed Oct 26 00:38:27 2016 New Revision: 49584 URL: https://svnweb.freebsd.org/changeset/doc/49584 Log: Add Capsicum entry from emaste Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Wed Oct 26 00:24:53 2016 (r49583) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Wed Oct 26 00:38:27 2016 (r49584) 
@@ -1917,4 +1917,160 @@ <p>George attended the ARM Partner Meeting in Cambridge.</p> </body> </project> + + <project cat='proj'> + <title>Capsicum Update</title> + + <contact> + <person> + <name> + <given>Allan</given> + <common>Jude</common> + </name> + <email>allanjude@FreeBSD.org</email> + </person> + + <person> + <name> + <given>Baptiste</given> + <common>Daroussin</common> + </name> + <email>bapt@FreeBSD.org</email> + </person> + + <person> + <name> + <given>Conrad</given> + <common>Meyer</common> + </name> + <email>cem@FreeBSD.org</email> + </person> + + <person> + <name> + <given>Ed</given> + <common>Maste</common> + </name> + <email>emaste@FreeBSD.org</email> + </person> + + <person> + <name> + <given>Mariusz</given> + <common>Zaborski</common> + </name> + <email>oshogbo@FreeBSD.org</email> + </person> + </contact> + + <links> + <url href="https://wiki.FreeBSD.org/Capsicum">Capsicum Wiki Page</url> + </links> + + <body> + <p>Several developers have undertaken a recent effort to + sandbox additional applications in the base system. + This work is proceeding nicely and one of the goals is to target + basic utilities used in security sensitive applications, like + <tt>freebsd-update</tt> and <tt>portsnap</tt>.</p> + + <p>This work higlighted two longstanding challenges in + applying Capsicum. First, there are a number of common + constructs shared by many simple programs, such as limiting + capability rights on the stdio file descriptors. To address + this, a set of capsicum helper routines have been added for + these common cases.</p> + + <p>Second, a common challenge occurs where applications need + to open an arbitrarily large number of files, possibly from + various directories, where preopening the file descriptors may + not be suitable. 
Several possible solutions for this are in + discussion.</p> + + <p>Recently Capsicumized utilities include:</p> + + <ul> + <li><tt>bspatch</tt></li> + + <li><tt>cmp</tt></li> + + <li><tt>ident</tt></li> + + <li><tt>primes</tt></li> + + <li><tt>tee</tt></li> + + <li><tt>tr</tt></li> + + <li><tt>write</tt></li> + </ul> + + <p>Additional Capsicum changes are in review:</p> + + <ul> + <li><tt>b64decode</tt>, <tt>b64encode</tt>, + <tt>uudecode</tt>, <tt>uuencode</tt></li> + + <li><tt>brandelf</tt></li> + + <li>dma-mbox-create</li> + + <li>elf2aout</li> + + <li><tt>file</tt></li> + + <li><tt>head</tt></li> + + <li><tt>hexdump</tt></li> + + <li><tt>iconv</tt></li> + + <li><tt>ident</tt></li> + + <li><tt>jot</tt></li> + + <li><tt>ktrdump</tt></li> + + <li><tt>lam</tt></li> + + <li><tt>last</tt></li> + + <li><tt>ministat</tt></li> + + <li><tt>praudit</tt></li> + + <li><tt>strings</tt></li> + </ul> + + <p>An additional syscall (<tt>getdtablesize</tt>) and + additional sysctls (<tt>kern.proc.nfds</tt>, + <tt>kern.hostname</tt>, etc.) are now permitted in capability + mode. </p> + + <p>Capability rights are now propagated to child descriptors on + accept(2).</p> + + <p>Capsicum is now enabled in the 32-bit compatibility syscall + layer.</p> + + <p>Per-process (<tt>procctl</tt>) and global (<tt>sysctl</tt>) + settings have been added to aid in debugging while + Capsicumizing existing applications. When enabled, instead of + returning ENOTCAPABLE or ECAPMODE for a system call, the + kernel will issue a SIGTRAP to generate a core dump or enter + the debugger. </p> + </body> + + <sponsor> + Dell EMC Isilon + </sponsor> + + <sponsor> + ScaleEngine Inc. + </sponsor> + + <sponsor> + The FreeBSD Foundation + </sponsor> + </project> </report>
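Review bot: the "Recently Capsicumized utilities" and "Additional Capsicum changes are in review" lists both contain <tt>ident</tt>; one of the two entries should be dropped, since a utility cannot be both already committed and still in review. In the same hunk, the in-review list marks most items with <tt> but leaves dma-mbox-create and elf2aout bare, and the prose has a typo ("higlighted" for "highlighted") and a number-agreement slip ("a set of capsicum helper routines have been added" should read "has been added", with "Capsicum" capitalized as elsewhere in the entry). Minor: the stray space before </p> in "mode. </p>" and "the debugger. </p>" can go, and ENOTCAPABLE, ECAPMODE and SIGTRAP would read consistently with the rest of the entry if wrapped in <tt>.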