Session Leader: MariuszZaborski
https://hackmd.io/MqmyWiPvTwa0CWMbUM8Kvg (content has been migrated to this page)
- Capsicum
- Capsicum built unconditionally?
- optional Capsicum results in unfortunate "errno != ENOSYS" anti-pattern
- enabled by default in most GENERIC kernels today, but not arm
- enable along with armv7 GENERIC
- why are people building w/o Capsicum today? unknown
- desire to execute performance tests (bz)
- too late for 12.0, benchmark within next 2.5 years
- UWaterloo co-op student could do benchmarking in Jan-Apr 2019 term
- switch sense of option or add to all kernel configs?
- setproctitle(3)
- recently optimized version
- should it be allowed in capability mode?
- room consensus suggests yes
- Capsicum-ish infrastructure
- Casper services
- dns, groups, passwd, random, sysctls, syslog
- capsicum helpers
- fdunlinkat(2)
- process descriptors
- thread descriptors (for debugging)
- Capsicumized things in base
- Capsicumize things in ports
- okular (not upstreamed)
- irssi upstreamed (trasz)
- Chromium (rather old patch set)
- Firefox - need Capsicum support in Rust
- git (server)
- svn server
- Chrome embedded framework (CEF)
- ffmpeg
- libavcodec, libavformat difficult to sandbox due to large API surface
- vlc
- Higher-level design documentation for compartmentalization / Capsicum application needed
- maybe document netdump server as an example of a relatively straightforward but non-trivial case
- certs in the base system
- in progress
- Format string bug (%n) proposal
- Microsoft disables by default
- Disable by default in our libc
- Add ELF flag or special function to enable it
- Request ports exp-run with patch to produce errors if found
- theraven: add printf_unsafe, have Clang use it if %n found in static format string
- non-static format strings using %n fail or have to call printf_unsafe
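As an added illustration of the "disable %n by default" idea above (example code, not the session's or FreeBSD's libc; `format_uses_n` and `snprintf_no_n` are hypothetical names): a scanner that still recognises %n behind flags, width, precision and length modifiers, and a wrapper that refuses such a format with EINVAL instead of writing through the pointer argument.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical checker: does this printf-style format contain a %n
 * conversion?  Flags, width, precision and length modifiers are skipped
 * so "%-10.3ln" is caught, while "%%" is never taken for a conversion. */
bool format_uses_n(const char *fmt)
{
	for (const char *p = fmt; *p != '\0'; p++) {
		if (*p != '%')
			continue;
		p++;
		if (*p == '%')			/* literal percent sign */
			continue;
		while (*p != '\0' && strchr("-+ #0'", *p) != NULL)	/* flags */
			p++;
		while (*p == '*' || (*p >= '0' && *p <= '9') || *p == '$')	/* width */
			p++;
		if (*p == '.') {					/* precision */
			p++;
			while (*p == '*' || (*p >= '0' && *p <= '9') || *p == '$')
				p++;
		}
		while (*p != '\0' && strchr("hljztLq", *p) != NULL)	/* length */
			p++;
		if (*p == 'n')
			return true;
		if (*p == '\0')
			break;
	}
	return false;
}

/* Hypothetical "%n disabled by default" wrapper: refuse the call with
 * EINVAL rather than write through a pointer argument.  Returns -1 on
 * refusal, otherwise the byte count from vsnprintf(3). */
int snprintf_no_n(char *buf, size_t size, const char *fmt, ...)
{
	if (format_uses_n(fmt)) {
		errno = EINVAL;
		return -1;
	}
	va_list ap;
	va_start(ap, fmt);
	int n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	return n;
}
```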
- (Selective?) application of hardening flags
- base system perhaps not too interesting, except for libraries
- relationship with shipping IR
- don't always compose
- vulnerability mitigations
- ASLR
- waiting on review
- W^X
- brooks?
- jails
- reduced timer resolution in jails???
- wish we had a way of managing them in the base system
- ex. dockeresque ability
- kerberos
- pick one
- pick MIT