From owner-svn-doc-all@FreeBSD.ORG Sat Jul 6 21:29:51 2013
Return-Path:
Delivered-To: svn-doc-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 2A6273F3; Sat, 6 Jul 2013 21:29:51 +0000 (UTC) (envelope-from pgj@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 1A390167F; Sat, 6 Jul 2013 21:29:51 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r66LTo91015131; Sat, 6 Jul 2013 21:29:50 GMT (envelope-from pgj@svn.freebsd.org)
Received: (from pgj@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r66LTohJ015130; Sat, 6 Jul 2013 21:29:50 GMT (envelope-from pgj@svn.freebsd.org)
Message-Id: <201307062129.r66LTohJ015130@svn.freebsd.org>
From: Gabor Pali
Date: Sat, 6 Jul 2013 21:29:50 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r42179 - head/en_US.ISO8859-1/htdocs/news/status
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 06 Jul 2013 21:29:51 -0000

Author: pgj
Date: Sat Jul 6 21:29:50 2013
New Revision: 42179

URL: http://svnweb.freebsd.org/changeset/doc/42179

Log:
  - Add Q2 report on Capsicum-based sandboxing in base

  Submitted by: pjd

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml Sat Jul 6 19:41:49 2013 (r42178) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml Sat Jul 6 21:29:50 2013 (r42179) @@ -18,7 +18,7 @@

Thanks to all the reporters for the excellent work! This report - contains 16 entries and we hope you enjoy reading it.

+ contains 17 entries and we hope you enjoy reading it.

The deadline for submissions covering between July and September 2013 @@ -858,4 +858,102 @@ + + + Capsicum + + + + + Pawel Jakub + Dawidek + + pjd@FreeBSD.org + + + + + Capsicum + Mailing List + + cl-capsicum-discuss@lists.cam.ac.uk + + + + + + + + + +

Capsicum (lightweight OS capability and sandbox framework) is + being actively worked on. In the last few months the following + tasks have been completed:

+ +
    +
  • Committed Capsicum overhaul to &os; head (r247602). + This allows to use capability rights in more places, simplifies + kernel code and implements ability to limit ioctl(2) + and fcntl(2) system calls.
  • + +
  • hastd(8) is now using Capsicum for sandboxing, as + whitelisting ioctls is possible (r248297).
  • + +
  • auditdistd(8) is now using Capsicum for sandboxing, + as it is now possible to setup append-only restriction on file + descriptor (available in Perforce).
  • + +
  • Implemented connectat(2) and bindat(2) + system calls for UNIX domain sockets that are allowed in + capability mode (r247667).
  • + +
  • Implemented chflagsat(2) system call + (r248599).
  • + +
  • Revised the Casper daemon for application capabilities.
  • + +
  • Implemented libcapsicum for application + capabilities.
  • + +
  • Implemented various Casper services to be able to use more + functionality within a sandbox: system.dns, + system.pwd, system.grp, + system.random, system.filesystem, + system.socket, system.sysctl.
  • + +
  • Implemented Capsicum sandboxing for kdump(1) (from + r251073 to r251167). The version in Perforce also supports + sandboxing for the -r flag, using Casper + services.
  • + +
  • Implemented Capsicum sandboxing for dhclient(8) + (from r252612 to r252697).
  • + +
  • Implemented Capsicum sandboxing for tcpdump(8) + (available in Perforce).
  • + +
  • Implemented Capsicum sandboxing for libmagic(3) + (available in Perforce).
  • + +
  • Implemented the libnv library for name/value pairs + handling in the hope of wider adaptation across &os;.
  • +
+ +

For Capsicum-based sandboxing in the &os; base system, the + commits referenced above and the provided code aim to serve as + examples. We would like to see more &os; tools to be sandboxed + — every tool that can parse data from untrusted sources, + for example.

+ +

This work is being sponsored by the &os; Foundation and + Google.

+ + + + Get involved, make the Internet finally(!) a secure place. + Contact us at the cl-capsicum-discuss mailing list, + where we can provide guidelines on how to do sandboxing + properly. The fame is there, waiting. + +
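Review bot: in the first hunk the hand-maintained entry count in the intro goes from 16 to 17, which matches the single new project entry this commit adds in the second hunk, so the change is correct; since that number has to be edited by hand every time an entry lands, it is worth re-checking it against the actual number of entries in the file before the report is published, as it is the kind of value that silently drifts.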
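Review bot: several sentences in the new Capsicum entry's task list need grammar fixes before publication: "This allows to use capability rights in more places" should read "This allows capability rights to be used in more places"; "possible to setup append-only restriction on file descriptor" should be "possible to set up an append-only restriction on a file descriptor"; and "in the hope of wider adaptation across &os;" should say "adoption". Separately, four items (the auditdistd(8) sandboxing, the kdump(1) -r support, tcpdump(8) and libmagic(3)) are marked only as "available in Perforce" with no branch path or changelist, so unlike the items that cite head revisions (r247602, r248297, r247667, r248599, r251073 to r251167, r252612 to r252697) a reader has no way to locate that code; either add the Perforce path or state plainly that the work is not yet committed. Minor: the closing "Get involved" paragraph's "finally(!)" and "The fame is there, waiting." are noticeably more jokey than the rest of the report and could be toned down.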