Date:      Fri, 8 Jul 2011 21:58:19 +0100
From:      "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>
To:        Brian Reichert <reichert@numachi.com>
Cc:        Ilya Bakulin <webmaster@kibab.com>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben Laurie <benl@google.com>, freebsd-hackers@freebsd.org
Subject:   Re: Capsicum project: Ideas needed
Message-ID:  <19C31A36-F509-4FA3-B157-B2436A3A40B8@cl.cam.ac.uk>
In-Reply-To: <20110708180805.GN7386@numachi.com>
References:  <4E167C94.70300@kibab.com> <20110708180805.GN7386@numachi.com>


On 8 Jul 2011, at 19:08, Brian Reichert wrote:

> On Fri, Jul 08, 2011 at 07:42:12AM +0400, Ilya Bakulin wrote:
>> The question is: which applications should also be processed? I think
>> that the most wanted candidates are SUID programs and/or popular network
>> daemons.
>
> I propose 'man'; sneaky stuff can happen there....
>
> Dunno if that meshes with your focus on servers, though...

This seems like a perfect example of something that wants to be
sandboxed, especially in a post-nroff mandoc world where a single C
binary can be sandboxed.

Robert


