Date: Fri, 08 Jul 2011 07:42:12 +0400 From: Ilya Bakulin <webmaster@kibab.com> To: freebsd-hackers@freebsd.org Cc: "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben Laurie <benl@google.com> Subject: Capsicum project: Ideas needed Message-ID: <4E167C94.70300@kibab.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD3767EDBEB3864393338BB2F Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi hackers, As a part of ongoing effort to enhance usage of Capsicum in FreeBSD base system, I want to ask you, which applications in the base system should receive sandboxing support. So far, the following applications were sandboxed during initial Capsicum research project: sshd: critical system service run by root; gzip: utility that operates with potentially buggy compression code tcpdump: contains complex packet-parsing code, run by root; I have added sandboxing to syslogd, because this is also a critical system service run by root. I'm also going to add sandboxing to xz (compression algorithms) and ntpd (critical system service run by root). The question is: which applications should also be processed? I think that the most wanted candidates are SUID programs and/or popular network daemons. But looking at gzip example I also think about text-processing tools in general. At the moment I prefer not to focus on applications that are used only on desktop system -- primary usage of FreeBSD is ultra-reliable serving platform, although iXSystems guys may correct me :-) --=20 Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru --------------enigD3767EDBEB3864393338BB2F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4WfJkACgkQo9vlj1oadwjDRACfajS6Nb6+Kn+6RWmguVVdHC6S wlIAoJrwKr9tlxl3BL50sizKFlFLerm+ =OBXp -----END PGP SIGNATURE----- --------------enigD3767EDBEB3864393338BB2F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E167C94.70300>