December 17, 2013
The FreeBSD Foundation is pleased to announce the successful completion of work on the improvement and integration of the Capsicum framework and the Casper services daemon. The Google Open Source Programs Office and the FreeBSD Foundation jointly sponsored Paweł Jakub Dawidek for this project.
Capsicum is a lightweight OS capability and sandbox framework developed at the University of Cambridge Computer Laboratory. Capsicum extends the POSIX API, providing several new OS primitives to support object-capability security on UNIX-like operating systems. Capsicum is now a standard part of FreeBSD, and ports to other operating systems are in progress.
The Casper daemon provides an easy-to-use programming interface for services that are otherwise difficult or impossible to reach from inside a capability sandbox, including DNS resolution, access to the password and system group databases, entropy, and sysctl system configuration nodes.
“Libcapsicum and the Casper daemon make it easier for application developers to take advantage of capability sandboxing — a critical step in allowing not just web browsers, but also security-critical desktop applications such as mail readers and office suites, to mitigate security vulnerabilities,” said Robert N. M. Watson, the FreeBSD Foundation board member and University of Cambridge lecturer who led the Google-funded Capsicum research project.
The new libnv library developed as part of this project simplifies inter-process communication, a critical aspect of the Capsicum sandboxing model. Redesigned capability rights allow for finer-grained control of individual capabilities by eliminating the previous limit on the number of different kinds of file-descriptor operations controlled by capabilities.
The Capsicum API enhancements appear in FreeBSD 10.0 along with sandboxing of a number of base-system components; Casper will be available starting with FreeBSD 10.1, and will be used by a number of base-system components including tcpdump and kdump.