FreeBSD Capsicum article

I will start with a digression from the topic of the article.

Modern OSes provides different mechanisms to isolate userland applications from each other. This is important because the CPU provides only limited protections which mostly protects from the basic improper access. The recent vulnerabi...

Continue reading...

Introduction

In the FreeBSD 10.0 to the kernel there was introduced a new technology called 'Capsicum' by Robert Watson and Jonathan Anderson which is based on a "hybrid capability and UNIX access control mode" approach. This is quite fast and reliable software used to apply additional const...

Continue reading...