LSS: The kernel hardening roundtable
Posted Sep 22, 2011 19:52 UTC (Thu) by Yorick (guest, #19241)
In reply to: LSS: The kernel hardening roundtable by trasz
Parent article: LSS: The kernel hardening roundtable
A capability-based model like Capsicum's would indeed be very nice to have for Linux, for many reasons:
- It would give a much more useful environment than a stark read()/write()/_exit() isolation cell
- It is based on sound reasoning that is easy to understand (principle of least authority, zero ambient authority)
- It would force a healthy review of all the different namespaces in Linux, making us ask ourselves "is this really needed?", and to find useful ways of converting them into honest file descriptors
- Properly done, it would practically give process containers for free
- The Capsicum project itself has demonstrated feasibility and we roughly know what to expect from their experience, both in terms of implementation and use
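An added example of the "zero ambient authority" point made above, written for this page and not taken from the comment, from Linux or from the Capsicum project: a worker receives one directory file descriptor and can only open files relative to it. On FreeBSD the guarded block really limits the descriptor's rights and calls cap_enter(), after which the kernel itself rejects absolute paths and ".." escapes; on other systems enter_sandbox() is a no-op and the confinement is only emulated by path_is_confined(), which is an assumption of this demo (a process that still has ambient open() is not actually sandboxed). The temp directory and "hello.txt" are constructed inputs.

```c
/* Capsicum-style delegation by file descriptor (added example). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* A relative path with no ".." component cannot name anything outside the
 * delegated directory (final-component symlinks are blocked by O_NOFOLLOW
 * below; intermediate symlinks are not, which is why kernel enforcement such
 * as Capsicum or Linux openat2(RESOLVE_BENEATH) beats this emulation). */
int path_is_confined(const char *path)
{
    if (path == NULL || path[0] == '\0' || path[0] == '/')
        return 0;
    for (const char *p = path; *p != '\0';) {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* Open a file read-only using only the authority carried by dirfd. */
int confined_open(int dirfd, const char *relpath)
{
    if (!path_is_confined(relpath)) {
        errno = EACCES; /* Capsicum reports ENOTCAPABLE / ECAPMODE here */
        return -1;
    }
    return openat(dirfd, relpath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Drop ambient authority. FreeBSD: restrict dirfd to lookup+read and enter
 * capability mode. Elsewhere: no-op placeholder (assumption of this demo). */
int enter_sandbox(int dirfd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTAT, CAP_SEEK);
    if (cap_rights_limit(dirfd, &rights) < 0)
        return -1;
    return cap_enter();
#else
    (void)dirfd;
    return 0;
#endif
}

/* Work done inside the sandbox; returns 0 on success, else the failing step. */
static int sandboxed_checks(int dirfd)
{
    if (enter_sandbox(dirfd) < 0)
        return 4;
    char buf[16] = {0};
    int fd = confined_open(dirfd, "hello.txt");            /* allowed */
    if (fd < 0 || read(fd, buf, sizeof buf - 1) != 5 || strcmp(buf, "hello") != 0)
        return 5;
    close(fd);
    if (confined_open(dirfd, "../hello.txt") >= 0)         /* escape: denied */
        return 6;
    if (confined_open(dirfd, "/etc/passwd") >= 0)          /* ambient: denied */
        return 7;
    return 0;
}

/* Parent builds a constructed temp dir, hands one fd to a forked worker,
 * then cleans up (the worker could not, having given up that authority). */
int run_demo(void)
{
    char dir[] = "/tmp/capdemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0)
        return 2;
    int status = 0;
    int wfd = openat(dirfd, "hello.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (wfd < 0 || write(wfd, "hello", 5) != 5)
        status = 3;
    if (wfd >= 0)
        close(wfd);
    if (status == 0) {
        pid_t pid = fork();
        if (pid == 0)
            _exit(sandboxed_checks(dirfd));
        int w = 0;
        if (pid < 0 || waitpid(pid, &w, 0) < 0)
            status = 8;
        else
            status = WIFEXITED(w) ? WEXITSTATUS(w) : 9;
    }
    unlinkat(dirfd, "hello.txt", 0);
    close(dirfd);
    rmdir(dir);
    return status;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s (status %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The shape is the one a Capsicum program takes: the unsandboxed parent opens what the worker will need, the worker enters capability mode with only those descriptors, and the parent keeps the authority to create and remove things. On a system without Capsicum the path check is a policy the process imposes on itself, not a boundary the kernel enforces.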