[GSOC] capsicum week6 report
Muhammad Nuzaihan Bin Kamal Luddin
muhammad at taqisystems.com
Mon Jul 29 00:28:27 PDT 2013
Thumbs up! :)
On 07/29/2013 03:11 PM, Loganaden Velvindron wrote:
> Awesome man :-)
>
> Keep it up !
>
> On Mon, Jul 29, 2013 at 10:29 AM, Joris Giovannangeli
> <joris at giovannangeli.fr> wrote:
>
> Hi,
>
> This week I've been stabilizing my work a bit more. The implementation
> is still rough but "functional". I've finished the capability mode by
> modifying the syscall path and the syscall table to check if a syscall is
> allowed in capability mode and return ECAPMODE if not. I've converted
> most of the holdfp calls to check capability rights, but there are still
> some calls I must read more carefully to find which rights they need.
> I've made the nlookup path return ECAPMODE when doing a non-relative
> lookup. For now, the code is not perfect because I can leak information
> from outside the sandbox. Indeed, if an early error is returned, I don't
> check if the current namecache entry is still in sandbox and return the
> error (EEXIST, ENOENT, etc). This is a bug. I've been trying to modify
> this behaviour, but for now, it's completely broken.
> To test the work, I've ported the capsicum-enabled bzip2 a student has
> done for FreeBSD during GSoC:
> https://svnweb.freebsd.org/socsvn/soc2013/dpl/head/ . I've run it on a
> vkernel, and it can compress and decompress files w/o troubles.
>
> Joris
>
> --
> This message is strictly personal and the opinions expressed do not
> represent those of my employers, either past or present.
>
--
Taqi Systems
269-J Jalan Panji
Kampung Chempaka, Kota Bharu, Kelantan 16100
Phone: +6097738657
Mobile: +60199788657
pub 4096R/4C77F88C 2013-04-06 [expires: 2015-04-06]
Key fingerprint = 2FE1 87FA E775 2E05 CC0F B3F6 3CB7 C65F 4C77 F88C
uid Muhammad Nuzaihan Bin Kamal Luddin <muhammad at taqisystems.com>
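
The lookup-ordering problem described in the quoted report (an early error such as ENOENT returned before the sandbox containment check), shown as an added userland model; it is not DragonFly kernel code and not part of the original thread. The node table, `model_lookup`, its `strict` flag and the fallback `ECAPMODE` value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifndef ECAPMODE
#define ECAPMODE 94 /* fallback value for this model where errno.h lacks it */
#endif
/* Constructed namespace; each node names its parent by index. */
struct node { const char *name; int parent; };
static const struct node tree[] = {
    {"/", 0},      /* 0: root, its own parent */
    {"etc", 0},    /* 1: /etc */
    {"passwd", 1}, /* 2: /etc/passwd, outside the sandbox */
    {"jail", 0},   /* 3: /jail, the sandbox root */
    {"data", 3},   /* 4: /jail/data */
};
#define NNODES ((int)(sizeof tree / sizeof tree[0]))
/* Walk up from n; true if the sandbox root is n or an ancestor of n. */
static int in_sandbox(int n, int root) {
    while (n != root && n != 0) n = tree[n].parent;
    return n == root;
}
static int child(int dir, const char *s, size_t len) {
    for (int i = 1; i < NNODES; i++)
        if (tree[i].parent == dir && strlen(tree[i].name) == len &&
            !memcmp(tree[i].name, s, len)) return i;
    return -1;
}
/* Resolve path relative to root; returns 0 or an errno value. strict=0 returns
 * errors before any containment check (the bug); strict=1 checks each step. */
int model_lookup(int root, const char *path, int strict) {
    int cur = root;
    if (*path == '/') return ECAPMODE; /* non-relative lookup */
    while (*path) {
        size_t len = strcspn(path, "/");
        int next = (len == 2 && !memcmp(path, "..", 2)) ? tree[cur].parent : child(cur, path, len);
        if (next < 0) return ENOENT; /* early error */
        if (strict && !in_sandbox(next, root)) return ECAPMODE;
        cur = next;
        path += len + strspn(path + len, "/");
    }
    return in_sandbox(cur, root) ? 0 : ECAPMODE;
}
int main(void) {
    const char *p[] = {"data", "../etc/passwd", "../etc/shadow"};
    for (int i = 0; i < 3; i++)
        printf("%-14s leaky=%d strict=%d\n", p[i], model_lookup(3, p[i], 0), model_lookup(3, p[i], 1));
    return 0;
}
```

With `strict=0` the two outside paths return different errors, which tells the sandboxed caller which outside name exists; with `strict=1` both return ECAPMODE.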