Google moving twards sandboxing to improve Linux's security

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Tue, 24 Mar 2015 20:33:22 +0000

Dear All,

I'm happy to announce that researchers at Google have produced an
experimental port of Capsicum, a sandboxing framework, From FreeBSD to
Linux.


As one of the developers of TCPDUMP, and OpenSSH, I'm happy to see
that our code is being used to improve the security of critical
networking applications on Linux.

http://pkg.capsicum-linux.org/index.html.

This may sound perhaps too premature, but I believe that Capsicum on
Linux will radically improve the security of major applications that
Linux users rely on heavily.


Quoting from the capsicum page:

Some particular Capsicumized applications are:

OpenSSH: The key updated package is openssh-server, but there are also
updated versions of openssh-client, openssh-sftp-server and
ssh-askpass-gnome. (Updates trivially adapted from the changes applied
by Loganaden Velvindron to Capsicumize for FreeBSD; original patch
from Dag-Erling Smorgrav).
tcpdump: Updates trivially adapted from the changes applied by
Loganaden Velvindron.
strings: The binutils package holds a Capsicumized version of the
strings application.





-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Received on Tue Mar 24 2015 - 20:33:36 PST

This archive was generated by hypermail 2.3.0 : Tue Mar 24 2015 - 20:36:02 PST