#1
https://www.youtube.com/watch?v=raNx9L4VH2k
There's more info out there and it was released with FreeBSD 9. http://lackingrhoticity.blogspot.com...-capsicum.html
#2
Yeah, I watched that talk a while back. The creator of AppArmor was in the audience and asked a question at the end (that guy now works at Microsoft and no longer develops AA).
That project appears to take the same form as SECCOMP. Capability-based security. It is doubtful such a system will ever replace MAC systems, but they can work well together.
#3
Yeah, there's a Linux port supposedly in the works, although it has been two years.
It would be pretty great to have it on top of the current sandbox considering the current sandbox's weaknesses.
#4
Quote:
Following your link there was something I hadn't heard of: http://plash.beasts.org/wiki/
Looks interesting. It basically does what AppArmor does, except it has the property of being dynamic. That is, changing rules on the fly. For instance, with AA if you want to give Firefox the ability to upload files, you need to give it access to the entire directory. With Plash, you can give it access to *only* the file you want uploaded and it will change rules on the fly. Kinda cool.
EDIT: I just asked the AA devs what they think of Plash. One responded:
Quote:
So they like the idea but don't think chroot() is too secure.
Last edited by chronomatic : September 28th, 2012 at 06:14 PM.