Capsicum (bigger and badder sandboxing)

I was thrilled to read about Robert Watson's Capsicum this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.

Previously, I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin

Thank you Mr Watson.
 
I'm curious to see how this compares to FreeBSD Jails and if it has any advantages over it. I doubt it's more powerful than Jails. Is Capsicum in the kernel, can it manage resources like Jails?

z3r0

paean said:
I was thrilled to read about Robert Watson's Capsicum this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.

Previously, I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin

Thank you Mr Watson.
 