A Linux kernel developer is working on porting FreeBSD's CAPSICUM security framework over to the Linux kernel.
In announcing his work at the end of June that's now being discussed amongst kernel stakeholders, David Drysdale wrote, "The last couple of versions of FreeBSD (9.x/10.x) have included the Capsicum security framework, which allows security-aware applications to sandbox themselves in a very fine-grained way. For example, OpenSSH now uses Capsicum in its FreeBSD version to restrict sshd's credentials checking process, to reduce the chances of credential leakage. It would be good to have equivalent functionality in Linux, so I've been working on getting the Capsicum framework running in the kernel, and I'd appreciate some feedback/opinions on the general design approach."
from Tux Machines http://ift.tt/1rIVlSv
via IFTTT
No comments:
Post a Comment