- Like many computer software topics, it is all about solving problems.
- Security within software is one of the most important parts.
- The purpose here is to secure applications to reduce the surface of attack vectors.
- Today we will be focusing in one particular solution.
-
Is a security framework to set fine grained control to file descriptors, from network based applications to daemons. Even a web browser ... Anything which uses a file descriptor.
-
Comes with a set of additional functions and a library (casper) to filter, for example, DNS requests.
-
Is available primarly on FreeBSD and in an unofficial Linux kernel version.
https://github.com/google/capsicum-linux
- There was an existing DragonflysBSD version at some point but was abandoned.
https://github.com/jorisgio/DragonFlyBSD/tree/capsicum
- Developed during FreeBSD 8.0x era.
- Is included in FreeBSD since 9.0 release (experimental).
- The kernel needs to be compiled with capsicum support in order to allow both kernel capabilities and related userland functions to be available.
- An handful of userland applications were converted along the time to use capsicum, some network related one (dhcpclient, tcpdump, traceroute), bhyve.
- The best userland example, often mentioned, is the popular Chromium web browser which uses sandboxing technique to secure Javascript usage, safe memory usage and the likes.
- Works only on file descriptors ...
- Thus as a consequence we cannot protect against certain potential harmful system calls (fork, chown, mkdir, ...).
- The indirect consequence of it is there is not much userland applications converted to capsicum.
- Linux Seccomp
- OpenBSD's pledge
https://gist.github.com/devnexen/232f4de03beddf09b4e93619d44ed8bc
- Despite the limitations described earlier, capsicum provides a great deal of safer softwares.
- If available applications are already benefitial from this approach, that will make the end user life better.