|
Message-ID: <CABrd9SRNi8ujdMPz+dWcW_eP+-ztiM1q+V21F4EbeJjY2YyuOA@mail.gmail.com> Date: Tue, 15 May 2012 10:58:29 +0100 From: Ben Laurie <benl@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: Using FreeBSD Capsicum for program and library sandboxing On 15 May 2012 02:52, Solar Designer <solar@...nwall.com> wrote: > Hi, > > A couple of days ago, Ben Laurie posted to the Secure Coding list about > using FreeBSD's experimental Capsicum support in the kernel to sandbox > bzip2 and libtiff ("wrapping it such that the calling application is > unaware it is wrapped") - as two initial examples, I presume. I found > this very interesting. Thanks. If you want to see the libtiff work, it's here: https://github.com/benlaurie/libtiff So far, I've wrapped enough (transparently!) to make a couple of trivial applications work. These are slightly cut-down versions of a couple of apps provided with libtiff. They're cut down because they add custom tags, which means registering callbacks, and I haven't designed how to wrap that yet :-) Before I do, I want to move onto a more "real" application. Not sure what I should choose, though, so suggestions are welcome... All new code is the wrapped/ subdirectory - so far I have not had to make any changes to libtiff, which is nice, but I do not rule it out. This one includes a rudimentary RPC compiler.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.