Capsicum and Casper - more than a lipstick on a pig

Published on May 17, 2014

Don't build security on hacks

by Mariusz Zaborski, Pawel Jakub Dawidek

Capsicum and Casper are a FreeBSD proposal for clean, robust and intuitive application compartmentalization. Today's sandboxing techniques build on top of existing technologies that weren't really designed for this sort of protection (like chroot(2), rlimit(2), setuid(2), Mandatory Access Control, etc.). Capsicum and Casper provide a rich infrastructure for breaking applications into multiple useful sandboxes, thus significantly reducing the Trusted Computing Base.

Capsicum is a lightweight OS capability and sandbox framework implementing a hybrid capability system model. The Casper daemon enables sandboxed applications to use functionality normally unavailable in capability-mode sandboxes.

The talk will discuss the Capsicum framework, the Casper daemon and its services. It will provide an introduction to those new FreeBSD features based on already implemented examples. The talk will also present existing portable sandboxing implementations to give a clear picture of how hacky those solutions are.
