Oblivious Sandboxing with Capsicum

Project description

Capsicum is a sandboxing framework for principled, coherent compartmentalisation of FreeBSD applications. However, a notable shortcoming of Capsicum today is that it only works when applications voluntarily give up the right to perform certain actions: it works only with applications that understand Capsicum and have been modified to take advantage of it. Up to now, no mechanism has been provided for sandboxing applications without their assistance, i.e. no mechanism has been developed to sandbox an application obliviously.

Approach to solving the problem

Currently only simple applications can run in the oblivious sandbox provided by capsh. This project aims to improve the wrapper system (libpreopen, capsh etc.) so that applications run in an oblivious sandbox, that is, without being modified and without being aware of the sandbox at all; the project will focus specifically on file(1) and Clang.

We aim to write a core library that does the "run the application in a sandbox" work, and to make capsh a proof-of-concept wrapper around that library.

The existing libpreopen and capsh code will provide a basis for understanding and improving the wrapper system, driven by the applications chosen to sandbox obliviously, i.e. file(1) and Clang.
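As an added illustration of the pre-open-then-openat mechanism the wrapper system relies on (not code from the project, libpreopen or capsh; the table layout, the function names and the temporary directory are assumptions for the example), a minimal C sketch: directories are opened before the sandbox is entered, and every later open is rewritten into openat(2) relative to one of those descriptors, which is what Capsicum capability mode still allows.

```c
#define _GNU_SOURCE 1   /* glibc: expose mkdtemp(3) and O_DIRECTORY under strict -std */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>          /* cap_enter(2) exists only on FreeBSD */
#endif
/* Pre-opened directories: hypothetical libpreopen-style table, not project code. */
struct preopened { const char *path; int fd; };
static struct preopened table[8]; static int ntable;
/* Open a directory ahead of time and remember its absolute path. */
int po_add(const char *dir) {
    if (ntable >= 8 || (table[ntable].fd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    table[ntable].path = dir;
    return ntable++;
}
/* Longest pre-opened prefix of path -> its dirfd and the relative remainder. */
int po_find(const char *path, const char **rel) {
    int best = -1; size_t bestlen = 0;
    for (int i = 0; i < ntable; i++) {
        size_t n = strlen(table[i].path);
        if (n > bestlen && strncmp(path, table[i].path, n) == 0 && path[n] == '/')
            best = i, bestlen = n;
    }
    if (best < 0) return -1;            /* outside every pre-opened directory */
    *rel = path + bestlen + 1;
    return table[best].fd;
}
/* Stand-in for open(2): capability mode refuses absolute path lookups, but
 * openat(2) relative to a directory descriptor held beforehand still works. */
int sandboxed_open(const char *path, int flags) {
    const char *rel;
    int dirfd = po_find(path, &rel);
    return dirfd < 0 ? -1 : openat(dirfd, rel, flags);
}
/* Self-check on a constructed temp directory; returns 0 on success. */
int demo_preopen(void) {
    char dir[] = "/tmp/po.XXXXXX", file[64];
    if (mkdtemp(dir) == NULL) return 1;
    strcpy(file, dir); strcat(file, "/note.txt");
    if (close(open(file, O_WRONLY | O_CREAT, 0600)) < 0) return 2;
    if (po_add(dir) < 0) return 3;       /* pre-open, then enter the sandbox */
#ifdef __FreeBSD__
    if (cap_enter() < 0) return 4;
#endif
    return sandboxed_open(file, O_RDONLY) >= 0                      /* allowed */
        && sandboxed_open("/not/preopened/x", O_RDONLY) < 0 ? 0 : 5; /* refused */
}
```

On FreeBSD the cap_enter() call makes the refusal real at the kernel level; elsewhere the table alone enforces it, which is exactly the gap an oblivious wrapper has to close for every path-taking system call the application uses.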


The deliverables I aim to develop will be:


Test Plan



The Code






SummerOfCode2018Projects/ObliviousSandboxingwithCapsicum (last edited 2018-06-04T16:22:30+0000 by ShubhGupta)