Capsicumization of the base system
Student: Hans Lu (hanslu95@FreeBSD.org)
- Mentors:
Project description
- This project aims to capsicumize base system tools, ranging from command-line tools to system daemons. To sandbox an existing tool we must first work out exactly how the application interacts with the system (which files, sockets and other descriptors it needs, and when). Adding capability primitives to the standard UNIX APIs gives such tools a realistic adoption path for one of the ideals of OS security: least-privilege operation.
Deliverables
Title
- Capsicumize wall(1)
- Capsicumize tftpd(8)
- Capsicumize ntpd(8)
- Capsicumize usr.bin/su
Test Plan
- ktrace will be used to monitor system calls and identify missing
- the Capsicum user-space test suite will be employed, providing unit tests for Capsicum.
- set kern.trap_enotcap so that the application receives a signal and stops when it violates a capability, then use gdb on the core file and the executable to trace the offending system call.
- In the final stage of testing, post my work on reviews.freebsd.org so that other module developers can verify it.
My patch
wall
- limit the file descriptor returned by open(2): the patch sets a specific right (write) on the descriptor and then enforces that limitation with cap_rights_limit. If the operation fails, the program terminates with a specific error message.
tftpd
- a broadcast UDP connection is invalid in capability mode, so the host to connect to must be specified explicitly and the socket connected before entering the sandbox. The UDP connection between client and server in capability mode is finished; the file operations in tftpd are still not completed and need more time to reimplement.
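The two patterns above, limiting a descriptor to CAP_WRITE as in the wall(1) patch and hitting the capability-mode restriction on global namespaces that forces the tftpd(8) socket to be connected in advance, as an added stand-alone demonstration. This is example code written for this page, not the project's patches: it uses the real Capsicum calls cap_rights_init(3), cap_rights_limit(2) and cap_enter(2) from sys/capsicum.h, the scratch file path and the /etc/passwd probe are constructed for the demo, and the helper names (limit_fd_to_write, probe_rights_limit, probe_open_in_capmode) are mine. On a non-FreeBSD host there is no Capsicum, so the helpers report ENOSYS instead.

```c
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_rights_init(), cap_rights_limit(), cap_enter() */
#endif

/* Restrict fd to CAP_WRITE only (the wall(1) pattern).  Returns 0 on
 * success, -1 with errno set on failure.  Without Capsicum (non-FreeBSD
 * host) we fail with ENOSYS, the same value a FreeBSD kernel built
 * without capability support reports. */
int limit_fd_to_write(int fd)
{
#ifdef __FreeBSD__
	cap_rights_t rights;

	cap_rights_init(&rights, CAP_WRITE);
	return (cap_rights_limit(fd, &rights));
#else
	(void)fd;
	errno = ENOSYS;
	return (-1);
#endif
}

/* Show the effect of the limit: write(2) still works, read(2) is refused.
 * Returns the errno seen on read (ENOTCAPABLE on FreeBSD), 0 if the read
 * unexpectedly succeeded, or the errno of an earlier step. */
int probe_rights_limit(void)
{
	char path[] = "/tmp/capsicum-demo.XXXXXX";	/* constructed scratch file */
	char buf[8];
	int fd, result;

	if ((fd = mkstemp(path)) < 0)
		return (errno);
	unlink(path);				/* keep the file anonymous */
	if (limit_fd_to_write(fd) < 0) {
		result = errno;
		close(fd);
		return (result);
	}
	if (write(fd, "hi\n", 3) != 3) {	/* CAP_WRITE: still permitted */
		result = errno;
		close(fd);
		return (result);
	}
	result = (read(fd, buf, sizeof(buf)) < 0) ? errno : 0;	/* no CAP_READ */
	close(fd);
	return (result);
}

/* Fork a child that enters capability mode and tries to open an absolute
 * path.  Global namespaces are unreachable there, which is also why an
 * unconnected UDP socket cannot be given a destination after cap_enter().
 * Returns the child's errno (ECAPMODE on FreeBSD), 0 if open succeeded,
 * or ENOSYS where Capsicum is unavailable. */
int probe_open_in_capmode(void)
{
#ifdef __FreeBSD__
	int status;
	pid_t pid;

	if ((pid = fork()) < 0)
		return (errno);
	if (pid == 0) {
		if (cap_enter() < 0)
			_exit(errno);
		if (open("/etc/passwd", O_RDONLY) >= 0)
			_exit(0);
		_exit(errno);		/* ECAPMODE fits in an exit status */
	}
	if (waitpid(pid, &status, 0) < 0)
		return (errno);
	return (WIFEXITED(status) ? WEXITSTATUS(status) : -1);
#else
	return (ENOSYS);
#endif
}

int main(void)
{
	int fd, r;

	/* The shape of the wall(1) change: limit the descriptor and exit with
	 * a message if that fails; a kernel without Capsicum (ENOSYS) is tolerated. */
	if ((fd = open("/dev/null", O_WRONLY)) < 0)
		err(1, "open");
	if (limit_fd_to_write(fd) < 0 && errno != ENOSYS)
		err(1, "cap_rights_limit");
	close(fd);

	r = probe_rights_limit();
	printf("read(2) after CAP_WRITE-only limit: %s\n", r ? strerror(r) : "succeeded");
	r = probe_open_in_capmode();
	printf("open(2) of an absolute path in capability mode: %s\n", r ? strerror(r) : "succeeded");
	return (0);
}
```

Note that cap_rights_limit(2) takes effect immediately, whether or not the process has called cap_enter(2), so the read probe fails with ENOTCAPABLE even in the parent; ECAPMODE only appears once the child is in capability mode. Setting kern.trap_enotcap, as in the test plan above, turns both of those errno returns into a SIGTRAP so the offending call can be found in gdb instead of being silently mishandled.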
Future
- From this project I gained tremendous experience and also learned many concepts. Thanks to the strong support from my mentors and the welcoming environment of FreeBSD. After this I hope I can keep contributing to the FreeBSD Foundation and finish the remaining applications after this project.
Some record