Capsicum (Unix): Difference between revisions
Capsicum for Linux is no longer upstreamed. |
Ne (00) olli (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
'''Capsicum''' is an implementation of [[capability-based security]] for [[UNIX]] and [[Unix-like|similar]] systems. Presented at [[USENIX]] 2010, the system is part of [[FreeBSD]] since its 9.0 release. It has also been adapted to [[DragonflyBSD]] in the form of kernel [[Patch (computing)|patches]].<ref>{{cite web |title=Capsicum: practical capabilities for UNIX |url=https://www.cl.cam.ac.uk/research/security/capsicum/ |website=Cambridge Computer Laboratory |accessdate=8 April 2020}}</ref> |
'''Capsicum''' is an implementation of [[capability-based security]] for [[UNIX]] and [[Unix-like|similar]] systems. Presented at [[USENIX]] 2010, the system is part of [[FreeBSD]] since its 9.0 release. It has also been adapted to [[DragonflyBSD]] in the form of kernel [[Patch (computing)|patches]].<ref>{{cite web |title=Capsicum: practical capabilities for UNIX |url=https://www.cl.cam.ac.uk/research/security/capsicum/ |website=Cambridge Computer Laboratory |accessdate=8 April 2020}}</ref> |
||
The system works by chunking the normal permissions up into very small pieces. When a process enters capsicum mode, it loses all permissions normally associated with its controlling user, |
The system works by chunking the normal permissions up into very small pieces. When a process enters capsicum mode, it loses all permissions normally associated with its controlling user, except "capabilities" it already has in the form of [[file descriptor]]s. A process can also receive capabilities via [[Unix socket]]s. These file descriptors not only control access to the [[file system]], but also to other devices like the network sockets. [[Flag (computing)|Flags]] are also used to control more fine-grained access like reads and writes.<ref>{{cite web |last1=Edge |first1=Jake |title=Capsicum: practical capabilities for UNIX |url=https://lwn.net/Articles/482858/ |website=lwn.net |date=February 22, 2012}}</ref> |
||
== CloudABI == |
== CloudABI == |
Revision as of 10:55, 21 August 2023
Capsicum is an implementation of capability-based security for UNIX and similar systems. Presented at USENIX 2010, the system is part of FreeBSD since its 9.0 release. It has also been adapted to DragonflyBSD in the form of kernel patches.[1]
The system works by chunking the normal permissions up into very small pieces. When a process enters capsicum mode, it loses all permissions normally associated with its controlling user, except "capabilities" it already has in the form of file descriptors. A process can also receive capabilities via Unix sockets. These file descriptors not only control access to the file system, but also to other devices like the network sockets. Flags are also used to control more fine-grained access like reads and writes.[2]
CloudABI
CloudABI is an application binary interface based on capsicum. It keeps the overall capsicum permission model, but uses it to redesign a simplified environment for processes (system calls, C library, etc.) to run on, so that programs become portable to any platform supporting the ABI on the same instruction set architecture. The interface it offers is roughly POSIX minus parts that do not work with capability-based security. As of March 2020[update], CloudABI is natively a part of FreeBSD, and it can be run on other systems either via a Capsicum-based patch or using a non-secure system call emulator.[3][4]
As of October 2020, CloudABI has been deprecated in favor of WebAssembly System Interface for lack of interest.[3]
References
- ^ "Capsicum: practical capabilities for UNIX". Cambridge Computer Laboratory. Retrieved 8 April 2020.
- ^ Edge, Jake (February 22, 2012). "Capsicum: practical capabilities for UNIX". lwn.net.
- ^ a b "NuxiNL/cloudabi". Nuxi. 30 March 2020.
- ^ Brown, Neil (February 10, 2016). "CloudABI". lwn.net.
External links