I was thrilled to read about Robert Watson's Capsicum (http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf) this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.

Previously (http://forums.freebsd.org/showthread.php?t=11931), I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin

Thank you Mr Watson.

I'm curious to see how this compares to FreeBSD Jails and if it has any advantages over it. I doubt its more powerful then Jails. Is Capsicum in the kernel, can it manage resources like Jails?

z3r0

I was thrilled to read about Robert Watson's Capsicum (http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf) this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.

Previously (http://forums.freebsd.org/showthread.php?t=11931), I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin

Thank you Mr Watson.

ATM I got to 5th page... very interesting