Linux Security Summit 2014/Abstracts/Drysdale

From Linux Kernel Security Subsystem
Jump to: navigation, search


Capsicum on Linux


David Drysdale, Google


Capsicum is a lightweight security framework, blending concepts from object-capability security with POSIX operating system semantics.

In particular, Capsicum allows the operations that can be performed on individual file descriptors to be restricted to those specified by a set of fine-grained rights.

Capsicum also implements capability mode, which restricts a process from using system calls that access global namespaces (such as the directory hierarchy or IP:port space), and so prevents access to any new resources.

The combination of these features allows security-aware applications to sandbox themselves in a precise manner, without relying on external policy.

Capsicum was originally created at the University of Cambridge Computing Laboratory [1] and implemented in FreeBSD 9.0. Google is currently implementing equivalent functionality for the Linux kernel.

This discussion topic covers the core concepts of Capsicum, together with the specific issues arising from the Linux kernel implementation.