Introducing Capsicum: practical capabilities for UNIX

  • Authors: Robert N.M Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway
  • Location: ;login:: the magazine of USENIX & SAGE, ISSN 1044-6397, Vol. 35, No. 6 (Dec), 2010, pp. 7-17
  • Language: English
  • Full text not available (Learn more ...)
  • Abstract
    • Applications are increasingly turning to privilege separation, or sandboxing, to protect themselves from malicious data, but these protections are built on the weak foundation of primitives such as chroot and setuid. Capsicum is a scheme that augments the UNIX security model with fine-grained capabilities and a sandboxed capability mode, allowing applications to dynamically impose capability discipline on themselves. This approach lets application authors express security policies in code, ensuring that application-level concerns such as Web domains map well onto robust OS primitives. In this article we explain how Capsicum functions, compare it to other current sandboxing technologies in Linux, Mac OS, and Windows, and provide examples of integrating Capsicum into existing applications, from tcpdump and gzip to the Chromium Web browser.