[cap-talk] FreeBSD Capsicum
John Carlson
john.carlson3 at sbcglobal.net
Thu Jan 21 21:14:37 PST 2010
Any chance of getting this into Darwin/Snow Leopard?
This looks like a great step forward!
John
On Jan 21, 2010, at 10:09 AM, Mark Seaborn wrote:
> I found out about this project today, "FreeBSD Capsicum":
>
> http://www.cl.cam.ac.uk/research/security/capsicum/
>
> """
> Capsicum is a lightweight OS capability and sandbox framework
> developed at the University of Cambridge Computer Laboratory,
> supported by a grant from Google. Capsicum extends the POSIX API,
> providing several new OS primitives to support object-capability
> security on UNIX-like operating systems:
>
> * capabilities - refined file descriptors with fine-grained rights
> * capability mode - process sandboxes that deny access to global namespaces
> * process descriptors - capability-centric process ID replacement
> * rtld-elf-cap - modified ELF run-time linker to construct
> sandboxed applications
> * libcapability - library to create and use capabilities and
> sandboxed components
> * libuserangel - library allowing sandboxed applications or
> components to interact with user angels, such as Power Boxes.
>
> We have prototyped Capsicum on FreeBSD 8.x, and our experimental code
> is available under a BSD license to encourage open source, research,
> and commercial deployment. We hope that the availability of Capsicum
> will make it easier for software developers and researchers to use
> capability-based security in operating systems and applications.
> """
>
> Mark