From owner-freebsd-announce@FreeBSD.ORG Mon Apr 15 15:55:30 2013 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 22E4AD87 for ; Mon, 15 Apr 2013 15:55:30 +0000 (UTC) (envelope-from deb@freebsd.org) Received: from aslan.scsiguy.com (www.scsiguy.com [70.89.174.89]) by mx1.freebsd.org (Postfix) with ESMTP id F15DD9CC for ; Mon, 15 Apr 2013 15:55:29 +0000 (UTC) Received: from Deb-Goodkins-MacBook-Pro.local (h-66-134-117-59.dnvtco56.static.covad.net [66.134.117.59]) (authenticated bits=0) by aslan.scsiguy.com (8.14.5/8.14.5) with ESMTP id r3FFtRjT019820 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Mon, 15 Apr 2013 09:55:28 -0600 (MDT) (envelope-from deb@freebsd.org) Message-ID: <516C22EE.1030108@freebsd.org> Date: Mon, 15 Apr 2013 09:55:26 -0600 From: Deb Goodkin User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: freebsd-announce@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (aslan.scsiguy.com [70.89.174.89]); Mon, 15 Apr 2013 09:55:28 -0600 (MDT) X-Mailman-Approved-At: Mon, 15 Apr 2013 16:53:54 +0000 Subject: [FreeBSD-Announce] FreeBSD Foundation Announces Capsicum Framework Project X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2013 15:55:30 -0000 Dear FreeBSD Community, The FreeBSD Foundation is pleased to announce that Pawel Jakub Dawidek has been awarded a development grant to further improve the Capsicum framework. The grant is jointly funded by Google's Open Source Programs Office. The project includes the integration of previous work, implementation of new programmer-friendly capability system calls, improvements to the Casper Capsicum service daemon, and sandboxing various security-sensitive applications. "My previous Capsicum work focused on improving the framework itself to make it a better fit for real world applications. This new project will make use of the improved Capsicum to secure sensitive programs and libraries found in FreeBSD. The project will also produce many examples for others to follow, allowing them to take advantage of Capsicum to improve the security of their programs," said Pawel. Ben Laurie, of Google's security team, added that "traditional operating system security is based on Access Control Lists (ACLs). Decades of experience has made it quite clear this is the wrong model - but how can we move to a better way without having to rebuild everything? Capsicum shows that it is possible to migrate gradually from the broken ACL world to a more robust capability based world. We are pleased to be involved in the next step of its evolution." The project is expected to be completed by June 2013. The FreeBSD Foundation