From owner-svn-doc-all@freebsd.org Wed Oct 26 00:38:29 2016
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C7A6C21C2A; Wed, 26 Oct 2016 00:38:29 +0000 (UTC) (envelope-from bjk@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D58383D6; Wed, 26 Oct 2016 00:38:28 +0000 (UTC) (envelope-from bjk@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9Q0cSoO046242; Wed, 26 Oct 2016 00:38:28 GMT (envelope-from bjk@FreeBSD.org)
Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9Q0cSEA046241; Wed, 26 Oct 2016 00:38:28 GMT (envelope-from bjk@FreeBSD.org)
Message-Id: <201610260038.u9Q0cSEA046241@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f
From: Benjamin Kaduk
Date: Wed, 26 Oct 2016 00:38:28 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r49584 - head/en_US.ISO8859-1/htdocs/news/status
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 26 Oct 2016 00:38:29 -0000

Author: bjk
Date: Wed Oct 26 00:38:27 2016
New Revision: 49584

URL: https://svnweb.freebsd.org/changeset/doc/49584

Log:
  Add Capsicum entry from emaste

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml	Wed Oct 26 00:24:53 2016	(r49583)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml	Wed Oct 26 00:38:27 2016	(r49584)
@@ -1917,4 +1917,160 @@

George attended the ARM Partner Meeting in Cambridge.

+ + + Capsicum Update + + + + + Allan + Jude + + allanjude@FreeBSD.org + + + + + Baptiste + Daroussin + + bapt@FreeBSD.org + + + + + Conrad + Meyer + + cem@FreeBSD.org + + + + + Ed + Maste + + emaste@FreeBSD.org + + + + + Mariusz + Zaborski + + oshogbo@FreeBSD.org + + + + + Capsicum Wiki Page + + + +

Several developers have undertaken a recent effort to + sandbox additional applications in the base system. + This work is proceeding nicely and one of the goals is to target + basic utilities used in security sensitive applications, like + freebsd-update and portsnap.

+ +

This work higlighted two longstanding challenges in + applying Capsicum. First, there are a number of common + constructs shared by many simple programs, such as limiting + capability rights on the stdio file descriptors. To address + this, a set of capsicum helper routines have been added for + these common cases.

+ +

Second, a common challenge occurs where applications need + to open an arbitrarily large number of files, possibly from + various directories, where preopening the file descriptors may + not be suitable. Several possible solutions for this are in + discussion.

+ +

Recently Capsicumized utilities include:

+ +
    +
  • bspatch
  • + +
  • cmp
  • + +
  • ident
  • + +
  • primes
  • + +
  • tee
  • + +
  • tr
  • + +
  • write
  • +
+ +

Additional Capsicum changes are in review:

+ +
    +
  • b64decode, b64encode, + uudecode, uuencode
  • + +
  • brandelf
  • + +
  • dma-mbox-create
  • + +
  • elf2aout
  • + +
  • file
  • + +
  • head
  • + +
  • hexdump
  • + +
  • iconv
  • + +
  • ident
  • + +
  • jot
  • + +
  • ktrdump
  • + +
  • lam
  • + +
  • last
  • + +
  • ministat
  • + +
  • praudit
  • + +
  • strings
  • +
+ +

An additional syscall (getdtablesize) and + additional sysctls (kern.proc.nfds, + kern.hostname, etc.) are now permitted in capability + mode.

+ +

Capability rights are now propagated to child descriptors on + accept(2).

+ +

Capsicum is now enabled in the 32-bit compatibility syscall + layer.

+ +

Per-process (procctl) and global (sysctl) + settings have been added to aid in debugging while + Capsicumizing existing applications. When enabled, instead of + returning ENOTCAPABLE or ECAPMODE for a system call, the + kernel will issue a SIGTRAP to generate a core dump or enter + the debugger.

+ + + + Dell EMC Isilon + + + + ScaleEngine Inc. + + + + The FreeBSD Foundation + +
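Review bot: `ident` appears in both lists added by this hunk, under "Recently Capsicumized utilities include" and again under "Additional Capsicum changes are in review"; a utility cannot be both already committed and still in review, so it should be dropped from whichever list does not reflect its current status. Two wording fixes in the same hunk: "higlighted" should read "highlighted", and "a set of capsicum helper routines have been added" should read "a set of Capsicum helper routines has been added", matching the capitalization used elsewhere in the entry and agreeing in number. The final paragraph describes per-process (procctl) and global (sysctl) debugging settings that turn ENOTCAPABLE/ECAPMODE into SIGTRAP but names neither the procctl command nor the sysctl knob, so a reader cannot enable the feature from the report alone; consider naming them.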