From owner-freebsd-security@FreeBSD.ORG Fri Aug 13 09:15:45 2010
From: Hugo Silva <hugo@barafranca.com>
To: Robert Watson
Cc: freebsd-security@FreeBSD.org
Date: Fri, 13 Aug 2010 10:01:53 +0100
Message-ID: <4C650A01.5070002@barafranca.com>
Subject: Re: Capsicum: practical capabilities for UNIX (fwd)
List-Id: "Security issues [members-only posting]"

Robert Watson wrote:
> For those following security and access control in FreeBSD, this may be
> of interest.
> We'll have updated patches for Capsicum available for FreeBSD 8.1 in the
> next week or so. Feedback on the approach would be most welcome!
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

Very nice. I am looking forward to playing with this ;-)

> ---------- Forwarded message ----------
> Date: Thu, 12 Aug 2010 03:00:03 -0000
> From: Light Blue Touchpaper
> Reply-To: cl-security-research@lists.cam.ac.uk
> To: cl-security-research@lists.cam.ac.uk
> Subject: Capsicum: practical capabilities for UNIX
>
> URL: http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
>
> by Robert N. M. Watson
>
> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented
> [Capsicum: practical capabilities for UNIX][1] at the [19th USENIX Security
> Symposium][2] in Washington, DC; the [slides][3] can be found on the
> [Capsicum web site][4]. We argue that capability design principles fill a
> gap left by discretionary access control (DAC) and mandatory access control
> (MAC) in operating systems when supporting security-critical and
> security-aware applications.
>
> Capsicum responds to the trend of application compartmentalisation
> (sometimes called privilege separation) by providing strong and well-defined
> isolation primitives, and by facilitating rights delegation driven by the
> application (and eventually, user). These facilities prove invaluable, not
> just for traditional security-critical programs such as tcpdump and OpenSSH,
> but also complex security-aware applications that map distributed security
> policies into local primitives, such as Google's Chromium web browser, which
> implement the same-origin policy when sandboxing JavaScript execution.
>
> Capsicum extends POSIX with a new _capability mode_ for processes, and
> _capability_ file descriptor type, as well as supporting primitives such as
> _process descriptors_.
> Capability mode denies access to global operating system namespaces, such
> as the file system and IPC namespaces: only delegated rights (typically via
> file descriptors or more refined capabilities) are available to sandboxes.
> We prototyped Capsicum on FreeBSD 9.x, and have extended a variety of
> applications, including Google's Chromium web browser, to use Capsicum for
> sandboxing. Our paper discusses design trade-offs, both in Capsicum and in
> applications, as well as a performance analysis. Capsicum is available
> under a BSD license.
>
> Capsicum is collaborative research between the University of Cambridge and
> Google, and has been sponsored by Google, and will be a foundation for
> future work on application security, sandboxing, and usability security at
> Cambridge and Google. Capsicum has also been backported to FreeBSD 8.x, and
> Heradon Douglas at Google has an in-progress port to Linux.
>
> We're also pleased to report the Capsicum paper won Best Student Paper
> award at the conference!
>
> [1]: http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf
> [2]: http://www.usenix.org/events/sec10/
> [3]: http://www.cl.cam.ac.uk/research/security/capsicum/slides/20100811-usenix-capsicum.pdf
> [4]: http://www.cl.cam.ac.uk/research/security/capsicum/

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
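The compartmentalisation workflow the forwarded post describes (acquire descriptors while the process still has ambient authority, narrow them to the rights the work needs, then enter capability mode so the global namespaces disappear), as an added example that is not part of this thread or of the Capsicum project's own code. It is written against the cap_enter(2), cap_rights_init(3) and cap_rights_limit(2) interface shipped in FreeBSD 10 and later, not the 2010 prototype API the paper describes. On a host without <sys/capsicum.h> the Capsicum calls are compiled out and the program refuses to run unsandboxed; that fail-closed fallback, the report structure and the probe of /etc/passwd are assumptions of this example, not behaviour the post specifies.

```c
/*
 * Added example (not from the Capsicum project): a file reader that gives up
 * all ambient authority before touching its input.
 *
 * Order matters: open everything first, narrow each descriptor, then
 * cap_enter(). After that, path lookups, PIDs and socket addresses are
 * unreachable; only the delegated descriptors remain usable, and only with
 * the rights they carry.
 *
 * Assumption: on non-FreeBSD hosts HAVE_CAPSICUM is 0, the Capsicum calls
 * report ENOSYS, and run_sandboxed_reader() fails closed.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#ifdef __FreeBSD__
#include <sys/capsicum.h>
#define HAVE_CAPSICUM 1
#else
#define HAVE_CAPSICUM 0
#endif

struct sandbox_report {
    int entered;      /* 1 once cap_enter() has succeeded */
    int open_errno;   /* errno from open() inside the sandbox; ECAPMODE on FreeBSD */
    int write_errno;  /* errno from write() via the read-only capability; ENOTCAPABLE on FreeBSD */
    long bytes_read;  /* bytes read through the delegated descriptor */
};

/* Narrow fd to the least rights the reader needs: read(2) and fstat(2). */
static int limit_to_read(int fd)
{
#if HAVE_CAPSICUM
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
    return cap_rights_limit(fd, &rights);
#else
    (void)fd;
    errno = ENOSYS;   /* assumption: no Capsicum on this host */
    return -1;
#endif
}

/* Enter capability mode; there is no way back for this process. */
static int enter_sandbox(void)
{
#if HAVE_CAPSICUM
    return cap_enter();
#else
    errno = ENOSYS;   /* assumption: no Capsicum on this host */
    return -1;
#endif
}

/*
 * Open `path` with ambient authority, delegate it into the sandbox and record
 * what the sandbox can and cannot do. Returns 0 on success, -1 with errno set
 * if the sandbox could not be established (the caller must not fall back to
 * running unsandboxed).
 */
int run_sandboxed_reader(const char *path, struct sandbox_report *rep)
{
    char buf[4096];
    ssize_t n;
    int fd, saved;

    memset(rep, 0, sizeof(*rep));

    /* Step 1: the only path lookup in the program, done before sandboxing. */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    /* Step 2: least privilege on the descriptor we are about to delegate. */
    if (limit_to_read(fd) < 0) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }

    /* Step 3: drop the global namespaces. */
    if (enter_sandbox() < 0) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }
    rep->entered = 1;

    /* A path lookup is a namespace operation: denied in capability mode. */
    if (open("/etc/passwd", O_RDONLY) < 0)
        rep->open_errno = errno;

    /* The descriptor is a capability carrying only CAP_READ|CAP_FSTAT. */
    if (write(fd, "x", 1) < 0)
        rep->write_errno = errno;

    /* The delegated right itself still works. */
    while ((n = read(fd, buf, sizeof(buf))) > 0)
        rep->bytes_read += n;

    close(fd);
    return n < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    struct sandbox_report rep;

    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }
    if (run_sandboxed_reader(argv[1], &rep) < 0) {
        fprintf(stderr, "sandbox not established: %s\n", strerror(errno));
        return 1;
    }
    printf("entered=%d open_errno=%d write_errno=%d bytes_read=%ld\n",
           rep.entered, rep.open_errno, rep.write_errno, rep.bytes_read);
    return 0;
}
```

On FreeBSD the run reports the open() probe failing with ECAPMODE and the write() probe with ENOTCAPABLE while the read completes normally, which is the whole point: the process keeps exactly the rights it was delegated and nothing it could name. Anything the sandbox will ever need (log descriptors, a socket back to a privileged parent) has to be opened before step 3, which is the same discipline privilege-separated programs such as OpenSSH already follow.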