Wow, I like to see this activity. I'm the one that started this thread.

Jean-Philippe: The main problem we'll have if both of us work on this is
that it won't be possible to work on userland if the kernel doesn't yet
provide capability mode.

Also, I think that both of us working on this project is not a good idea
(especially given that what I liked most of this idea is the fact of getting
to know the OpenBSD kernel, and work with it at the low level). FWIW, some
future work with this would be great, but only after having the basic
Capsicum support in the kernel.

It's either that, or having a competition, and I would rather be able to
work on something else than having a silly competition for a job, especially
when there's a lot of work to be done :)

Loganaden, many thanks for the awesome email(s) you sent here.
I already contacted the "Implement clang/llvm static code checker" mentor,
and he is quite responsive, so it seems that I have just found my proposal
for OpenBSD :)

Many thanks to everyone, and I'm happy to see that from this thread has
sprung some activity over here.

2014-03-12 22:01 GMT+01:00 Jean-Philippe Ouellet <jean-phili...@ouellet.biz>:

> On 3/12/14 4:58 AM, tuchalia wrote:
> > Should I try to port also the Casper daemon to OpenBSD, or
> > only work in the kernel implementation?
>
> Based on more private mail, I figured it'd be a good idea to make what I
> plan to work on public in case there are others interested so we can
> avoid stepping on each other's toes.
>
> I've been told that the OpenBSD project's main objective in supporting
> capsicum is to have stronger privsep in our default services (think ssh,
> etc.) and the first steps to support that are the relevant kernel
> changes, therefore that's what I plan to work on first.
>
> I wasn't planning on doing anything with casper, user angels, etc. and
> even porting libcapsicum was a 2ndary objective, at least not during
> this summer.
>
> There's also a ton of userland things besides daemons/services that
> could (probably should) be capsicumized.
>
> Just yesterday there was a vuln reported by the debian folks in
> their file(1) that potentially allowed arbitrary code execution. I
> immediately checked our implementation and didn't see the same code that
> was patched, but our src/usr.bin/file/softmagic.c still contains a ton
> of logic which probably has at least one bug somewhere, and file(1)
> should be a fairly easily capsicumizable utility.
>
> Userland capsicumization is something that could very easily be done by
> multiple people since it's naturally separated into small chunks (per
> utility). I planned to focus on getting the primary kernel
> infrastructure in place this summer (because it's a somewhat large
> project, and it would definitely help to be sponsored by Google so I can
> focus on it) and then it'd be easier to work on userland stuff in small
> chunks of free time throughout the next school year.
>
> The reason I really want to work on Capsicum is because it addresses my
> primary concern with OpenBSD: the poor availability of post-exploit
> mitigation techniques, especially post-parallelism with sysjail. I
> haven't completely bought into what appears to me to be Robert Watson's
> greater vision of a realistic transition path towards
> capability-oriented operating systems, I mostly just want to improve the
> tools I use every day.
>
>


-- 
Daniel
