Results 1 to 6 of 6

Thread: FreeBSD 10 Alpha Released

  1. #1
    Join Date
    Jan 2007
    Posts
    14,361

    Default FreeBSD 10 Alpha Released

    Phoronix: FreeBSD 10 Alpha Released

    While FreeBSD 9.2 hasn't even been released yet, the first alpha development release of FreeBSD 10.0 is now available...

    http://www.phoronix.com/vr.php?view=MTQ2MjA

  2. #2
    Join Date
    Feb 2012
    Location
    Kingston, Jamaica
    Posts
    296

    Default

    One of the rather interesting features of FreeBSD 10 should be Capsicum. It has been shipping since 9.0 but wasn't enabled by default. It should be enabled by default in 10.0 and ship along with Capsicum enhanced applications.

    Capsicum uses capabilities (not traditional POSIX capabilities) for security and sandboxing rather than the legacy UNIX MAC and DAC model.

    This offers increased flexibility and reliability for defining security policies.

    Anyone interested can read further: http://www.cl.cam.ac.uk/research/security/capsicum/

  3. #3
    Join Date
    Nov 2011
    Posts
    351

    Default

    is osx itself compiled with LLVM or GCC. and if so, since when?

  4. #4

    Default

    Quote Originally Posted by jayrulez View Post
    One of the rather interesting features of FreeBSD 10 should be Capsicum. It has been shipping since 9.0 but wasn't enabled by default. It should be enabled by default in 10.0 and ship along with Capsicum enhanced applications.

    Capsicum uses capabilities (not traditional POSIX capabilities) for security and sandboxing rather than the legacy UNIX MAC and DAC model.

    This offers increased flexibility and reliability for defining security policies.

    Anyone interested can read further: http://www.cl.cam.ac.uk/research/security/capsicum/
    It is worth noting that Apple uses Capsiculum in iOS to sandbox software from the App Store.

  5. #5
    Join Date
    Feb 2012
    Location
    Kingston, Jamaica
    Posts
    296

    Default

    Quote Originally Posted by ryao View Post
    It is worth noting that Apple uses Capsiculum in iOS to sandbox software from the App Store.
    Are you sure about this? I did a google search and found nothing that confirms this. All references point to Apple using something called seatbelt for sandboxing apps in the iOS.

    Could you provide a reference?

  6. #6
    Join Date
    Oct 2012
    Posts
    12

    Default

    No, apple does not use capsicum to secure iOS. Capsicum is still really young and still being heavily worked on. It's not yet ready for production usage, but it might become ready in the near future. Capsicum would need the iOS app to be re-written to benefit capsicum sandboxing, just like any other application : it's not a transparent security mechanism like MAC (Selinux, apparmaor, etc).

    But this is true that apple use a security mechanism developped for freeBSD by the Trusted BSD project, the same project from which capsicum comes from http://www.trustedbsd.org/. Apple uses the classic MAC approach for sandboxing, but it's still too weak and can be escaped more easily than a more fine grained mechanism like capsicum.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •