From owner-freebsd-hackers@FreeBSD.ORG  Fri Jul  8 20:58:22 2011
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 40CEE1065674
	for <freebsd-hackers@freebsd.org>; Fri,  8 Jul 2011 20:58:22 +0000 (UTC)
	(envelope-from robert.watson@cl.cam.ac.uk)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 1B0598FC08
	for <freebsd-hackers@freebsd.org>; Fri,  8 Jul 2011 20:58:22 +0000 (UTC)
Received: from [192.168.2.112]
	(host86-144-167-158.range86-144.btcentralplus.com [86.144.167.158])
	by cyrus.watson.org (Postfix) with ESMTPSA id DC1DC46B43;
	Fri,  8 Jul 2011 16:58:20 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>
In-Reply-To: <20110708180805.GN7386@numachi.com>
Date: Fri, 8 Jul 2011 21:58:19 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <19C31A36-F509-4FA3-B157-B2436A3A40B8@cl.cam.ac.uk>
References: <4E167C94.70300@kibab.com> <20110708180805.GN7386@numachi.com>
To: Brian Reichert <reichert@numachi.com>
X-Mailer: Apple Mail (2.1084)
X-Mailman-Approved-At: Sat, 09 Jul 2011 05:10:48 +0000
Cc: Ilya Bakulin <webmaster@kibab.com>,
	Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>,
	Ben Laurie <benl@google.com>, freebsd-hackers@freebsd.org
Subject: Re: Capsicum project: Ideas needed
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 20:58:22 -0000


On 8 Jul 2011, at 19:08, Brian Reichert wrote:

> On Fri, Jul 08, 2011 at 07:42:12AM +0400, Ilya Bakulin wrote:
>> The question is: which applications should also be processed? I think
>> that the most wanted candidates are SUID programs and/or popular =
network
>> daemons.
>=20
> I propose 'man'; sneaky stuff can happen there....
>=20
> Dunno if that meshes with your focus on servers, though...

This seems like a perfect example of something that wants to be =
sandboxed, especially in a post-nroff mandoc world where a single C =
binary can be sandboxed.

Robert=