
LSS: The kernel hardening roundtable

LSS: The kernel hardening roundtable

Posted Sep 22, 2011 7:23 UTC (Thu) by trasz (guest, #45786)
Parent article: LSS: The kernel hardening roundtable

Might be worth mentioning that FreeBSD already provides an "extended seccomp"; it's called Capsicum. In a talk (http://www.youtube.com/watch?v=raNx9L4VH2k) there is a nice table comparing the number of lines of code that it took to properly sandbox Chromium using different mechanisms - with Linux and seccomp, it was 11300 lines of code and it was still incomplete; with FreeBSD and Capsicum, it was 100 lines.


LSS: The kernel hardening roundtable

Posted Sep 22, 2011 19:52 UTC (Thu) by Yorick (guest, #19241) [Link]

A capability-based model like Capsicum's would indeed be very nice to have for Linux, for many reasons:
  • It would give a much more useful environment than a stark read()/write()/_exit() isolation cell
  • It is based on sound reasoning that is easy to understand (principle of least authority, zero ambient authority)
  • It would force a healthy review of all the different namespaces in Linux, making us ask ourselves "is this really needed?", and useful ways of converting them into honest file descriptors
  • Properly done, it would practically give process containers for free
  • The Capsicum project itself has demonstrated feasibility and we roughly know what to expect from their experience, both in terms of implementation and use
Last time I looked, Capsicum hadn't really addressed resource limitations; this might be necessary in the long run, but is probably not strictly necessary for a first useful attempt.

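Added example (not part of any comment above, and not code from the Capsicum project): what the "stark read()/write()/_exit() isolation cell" of the original Linux seccomp looks like in practice. A forked child enters SECCOMP_MODE_STRICT through prctl(2); write(2) to a pipe still works, but the first disallowed syscall ends the process with SIGKILL. The function names (run_in_strict_cell, demo_allowed, demo_forbidden) and the pipe messages are my own constructed scaffolding; it needs a Linux kernel built with CONFIG_SECCOMP. One gotcha it deliberately shows: glibc's _exit() uses exit_group(2), which strict mode does not permit, so the cell has to leave through the raw exit(2) syscall.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child body: only write(2), which strict mode permits. */
static void cell_allowed(int wr) {
    const char msg[] = "read/write ok\n";          /* constructed message */
    if (write(wr, msg, sizeof msg - 1) < 0) return;
}

/* Child body: one permitted write, then one syscall the cell forbids.
 * Strict mode answers getpid(2) with SIGKILL, so the second write never runs. */
static void cell_forbidden(int wr) {
    const char msg[] = "about to call getpid()\n";  /* constructed message */
    if (write(wr, msg, sizeof msg - 1) < 0) return;
    syscall(SYS_getpid);        /* not read/write/exit/sigreturn -> SIGKILL */
    if (write(wr, "unreachable\n", 12) < 0) return;
}

/* Fork a child, put it into SECCOMP_MODE_STRICT and run fn() inside the cell.
 * Returns 1 if the kernel killed the child with SIGKILL, 0 if the child
 * finished normally, -1 if seccomp was unavailable or something else failed.
 * The first chunk the child managed to write is copied into out (NUL-terminated). */
static int run_in_strict_cell(void (*fn)(int), char *out, size_t outlen) {
    int pfd[2];
    if (pipe(pfd) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(pfd[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);           /* no seccomp here: report failure before entering the cell */
        fn(pfd[1]);
        /* glibc's _exit() calls exit_group(2), which strict mode does NOT allow;
         * only the plain exit(2) syscall is on the whitelist. */
        syscall(SYS_exit, 0);
    }

    close(pfd[1]);
    ssize_t n = read(pfd[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(pfd[0]);

    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

/* Named wrappers so each outcome can be checked on its own. */
int demo_allowed(void) {
    char buf[64];
    return run_in_strict_cell(cell_allowed, buf, sizeof buf);
}

int demo_forbidden(void) {
    char buf[64];
    return run_in_strict_cell(cell_forbidden, buf, sizeof buf);
}

int main(void) {
    char buf[64];
    int r = run_in_strict_cell(cell_allowed, buf, sizeof buf);
    printf("allowed  : result=%d, child said: %s", r, buf);
    r = run_in_strict_cell(cell_forbidden, buf, sizeof buf);
    printf("forbidden: result=%d, child said: %s", r, buf);
    return 0;
}
```

Build with `cc -Wall seccomp_cell.c -o seccomp_cell` and run it; the first run reports result 0 and the child's message, the second reports result 1 (SIGKILL) after the child's warning line. Everything a sandboxed process needs beyond those four syscalls has to be brokered over the inherited file descriptors, which is exactly the engineering cost the comment above attributes to the seccomp-based Chromium sandbox, and what a capability model pushes into the descriptors themselves.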
LSS: The kernel hardening roundtable

Posted Oct 11, 2011 11:58 UTC (Tue) by Pawlerson (guest, #74136) [Link] (1 responses)

This looks nice as a propaganda which is typical for bsd fanboys. I'd like to know how many lines of code freebsd needs to implement SELinux? Entire Linux kernel?

LSS: The kernel hardening roundtable

Posted Oct 11, 2011 12:19 UTC (Tue) by trasz (guest, #45786) [Link]

Not sure why anyone would want to reimplement those, but regarding SELinux - FreeBSD already implements several Mandatory Access Control policies. Unlike on Linux, they are stackable. This framework is also used by several commercial operating systems, including MacOS X.
