The Linux Kernel Might Use FreeBSD's Capsicum Security Framework
A Linux kernel developer is working on porting FreeBSD's CAPSICUM security framework over to the Linux kernel.
In announcing his work at the end of June that's now being discussed amongst kernel stakeholders, David Drysdale wrote, "The last couple of versions of FreeBSD (9.x/10.x) have included the Capsicum security framework, which allows security-aware applications to sandbox themselves in a very fine-grained way. For example, OpenSSH now uses Capsicum in its FreeBSD version to restrict sshd's credentials checking process, to reduce the chances of credential leakage. It would be good to have equivalent functionality in Linux, so I've been working on getting the Capsicum framework running in the kernel, and I'd appreciate some feedback/opinions on the general design approach."
FreeBSD's Capsicum is further described by its man page as "a lightweight OS capability and sandbox framework implementing a hybrid capability system model. Capsicum can be used for application and library compartmentalisation, the decomposition of larger bodies of software into isolated (sandboxed) components in order to implement security policies and limit the impact of software vulnerabilities."
The discussion this month is carried over in this thread. There's some interest in Capsicum on Linux from upstream QEMU, a developer mentioning he's porting Capsicum usage to more user-space software, and other developers discussing the proposed Linux kernel implementation of Capsicum.
In announcing his work at the end of June that's now being discussed amongst kernel stakeholders, David Drysdale wrote, "The last couple of versions of FreeBSD (9.x/10.x) have included the Capsicum security framework, which allows security-aware applications to sandbox themselves in a very fine-grained way. For example, OpenSSH now uses Capsicum in its FreeBSD version to restrict sshd's credentials checking process, to reduce the chances of credential leakage. It would be good to have equivalent functionality in Linux, so I've been working on getting the Capsicum framework running in the kernel, and I'd appreciate some feedback/opinions on the general design approach."
FreeBSD's Capsicum is further described by its man page as "a lightweight OS capability and sandbox framework implementing a hybrid capability system model. Capsicum can be used for application and library compartmentalisation, the decomposition of larger bodies of software into isolated (sandboxed) components in order to implement security policies and limit the impact of software vulnerabilities."
The discussion this month is carried over in this thread. There's some interest in Capsicum on Linux from upstream QEMU, a developer mentioning he's porting Capsicum usage to more user-space software, and other developers discussing the proposed Linux kernel implementation of Capsicum.
1 Comment