Might be worth mentioning that FreeBSD already provides an "extended seccomp"; it's called Capsicum. In a talk (http://www.youtube.com/watch?v=raNx9L4VH2k) there is a nice table comparing the number of lines of code that it took to properly sandbox Chromium using different mechanisms - with Linux and seccomp, it was 11300 lines of code and it was still incomplete; with FreeBSD and Capsicum, it was 100 lines.
Posted Sep 22, 2011 19:52 UTC (Thu) by Yorick (subscriber, #19241)
[Link]
A capability-based model like Capsicum's would indeed be very nice to have for Linux, for many reasons:
It would give a much more useful environment than a stark read()/write()/_exit() isolation cell
It is based on sound reasoning that is easy to understand (principle of least authority, zero ambient authority)
It would force a healthy review of all the different namespaces in Linux, making us ask ourselves "is this really needed?", and useful ways of converting them into honest file descriptors
Properly done, it would practically give process containers for free
The Capsicum project itself has demonstrated feasibility and we roughly know what to expect from their experience, both in terms of implementation and use
Last time I looked, Capsicum hadn't really addressed resource limitations; this might be necessary in the long run, but is probably not strictly necessary for a first useful attempt.
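The pattern Yorick's comment argues for, "acquire what you need while you still have ambient authority, then give it up", as an added example written for this page rather than code from the thread, from FreeBSD or from the Capsicum project. On FreeBSD the lock-down is Capsicum itself (cap_rights_limit() narrows the held descriptor to CAP_PREAD, cap_enter() enters capability mode); on Linux, which has no equivalent, the same policy is approximated with a seccomp-bpf filter that answers the path-based open syscalls with EPERM, i.e. the mechanism the first comment contrasts Capsicum with. The function names, the DEMO_ARCH/INSN/JUMP macros, the /tmp sample file and the result-bit encoding are this example's own choices and appear nowhere in the thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#else
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#endif
#define INSN(code, k) ((struct sock_filter)BPF_STMT(code, k))
#define JUMP(code, k, jt, jf) ((struct sock_filter)BPF_JUMP(code, k, jt, jf))
#endif

/* Give up ambient authority: afterwards the process may use descriptors it already
 * holds but cannot name new objects by path. FreeBSD: Capsicum proper (narrow the
 * kept fd, enter capability mode). Linux: an approximation, since seccomp filters
 * syscalls rather than rights: a BPF program answering open/openat with EPERM. */
static int lock_down(int keep_fd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;                      /* the kept descriptor: pread only */
    cap_rights_init(&rights, CAP_PREAD);
    if (cap_rights_limit(keep_fd, &rights) != 0) return -1;
    return cap_enter();
#else
    (void)keep_fd;                            /* seccomp cannot narrow a single fd */
    static const int denied[] = {
        __NR_openat,
#ifdef __NR_open                              /* aarch64 has no open(2), only openat(2) */
        __NR_open,
#endif
    };
    const size_t n = sizeof denied / sizeof denied[0];
    struct sock_filter prog[12];
    size_t len = 0, i;
    /* Syscall numbers are per-ABI, so kill on an unexpected architecture. */
    prog[len++] = INSN(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[len++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0);
    prog[len++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[len++] = INSN(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++)                   /* a match jumps over ALLOW to the EPERM return */
        prog[len++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[i], (unsigned char)(n - i), 0);
    prog[len++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[len++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
#endif
}

/* Constructed sample input: a throwaway file under /tmp (/dev/null if /tmp is
 * unusable). Single-use: the template is consumed by the first call. */
const char *make_sample_file(void)
{
    static char path[] = "/tmp/capdemo.XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return "/dev/null";
    (void)write(fd, "opened before lockdown\n", 23);
    close(fd);
    return path;
}

/* Run the experiment in a child so the caller keeps its full authority. Result bits:
 * 1 = pre-opened descriptor still readable after lockdown, 2 = open(path) by name
 * refused after lockdown; 4 = lockdown unavailable (e.g. seccomp disallowed), -1 = setup error. */
int sandbox_experiment(const char *path)
{
    int status, fd = open(path, O_RDONLY);   /* acquire the capability up front */
    if (fd < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        char buf[64]; int result = 0;
        if (lock_down(fd) != 0) _exit(4);
        if (pread(fd, buf, sizeof buf, 0) >= 0)   /* held descriptor: still works */
            result |= 1;
        if (open(path, O_RDONLY) < 0)             /* global namespace: refused */
            result |= 2;
        _exit(result);
    }
    close(fd);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = sandbox_experiment(make_sample_file());
    printf("result bits: %d (3 = descriptor usable, path lookup refused)\n", r);
    return r == 3 ? 0 : 1;
}
```

A result of 3 means the descriptor opened before lockdown still reads while the very same path can no longer be opened by name. The two branches also show the asymmetry the thread is about: Capsicum attaches rights to each descriptor (the kept fd is cut down to CAP_PREAD), whereas the seccomp branch can only deny whole syscalls, so every descriptor the child holds keeps its full rights and a complete filter would have to enumerate every other namespace-entering call as well.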
LSS: The kernel hardening roundtable
Posted Oct 11, 2011 11:58 UTC (Tue) by Pawlerson (guest, #74136)
[Link]
This looks nice as propaganda, which is typical for BSD fanboys. I'd like to know how many lines of code FreeBSD needs to implement SELinux? Entire Linux kernel?
LSS: The kernel hardening roundtable
Posted Oct 11, 2011 12:19 UTC (Tue) by trasz (guest, #45786)
[Link]
Not sure why anyone would want to reimplement those, but regarding SELinux - FreeBSD already implements several Mandatory Access Control policies. Differently from Linux, they are stackable. This framework is also used by several commercial operating systems, including MacOS X.