From: Matt Olander <mattjeet@gmail.com>
To: Ilya Bakulin
Cc: freebsd-hackers@freebsd.org, "Robert N. M. Watson", Jonathan Anderson, Ben Laurie
Date: Thu, 7 Jul 2011 21:02:18 -0700
Reply-To: matt@ixsystems.com
In-Reply-To: <4E167C94.70300@kibab.com>
Subject: Re: Capsicum project: Ideas needed
List-Id: Technical Discussions relating to FreeBSD <freebsd-hackers@freebsd.org>

On Thu, Jul 7, 2011 at 8:42 PM, Ilya Bakulin wrote:
> Hi hackers,
> As part of an ongoing effort to enhance the usage of Capsicum in the FreeBSD base
> system, I want to ask you which applications in the base system should
> receive sandboxing support.
> So far, the following applications were sandboxed during the initial
> Capsicum research project:
>   sshd: critical system service run by root;
>   gzip: utility that operates with potentially buggy compression code;
>   tcpdump: contains complex packet-parsing code, run by root.
> I have added sandboxing to syslogd, because this is also a critical
> system service run by root.
> I'm also going to add sandboxing to xz (compression algorithms) and ntpd
> (critical system service run by root).
>
> The question is: which applications should also be processed? I think
> that the most wanted candidates are SUID programs and/or popular network
> daemons.
> But looking at the gzip example I also think about text-processing tools in
> general.
>
> At the moment I prefer not to focus on applications that are used only
> on desktop systems -- the primary usage of FreeBSD is as an ultra-reliable serving
> platform, although the iXSystems guys may correct me :-)

Haha, we will not disagree with you (yet!). This is a great project and
I appreciate your work on it.

What about inetd? Is that possible or does each service it supports need
sandboxing, too?

How about sendmail and bind?

Cheers,
-matt