.. I discovered over the last months is Capsicum. http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-login-c... It comparts _parts_ of an application and grants specific rights to them. It also discusses and compares several methods, especially used to tame Chromium. While it is prototyped and partially included in FreebSD-Current (and upcoming release 9, I think), there is a port to Linux as well, supported by the project team. See, among others, the discussion here: https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2011-January/msg00000.... Regards Peter
Peter Ross wrote:
.. I discovered over the last months is Capsicum.
http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-login-c...
It comparts _parts_ of an application and grants specific rights to them.
It also discusses and compares several methods, especially used to tame Chromium.
Cough. Wouldn't it be easier to just not write huge bloated pieces of shit in the first place? "do one thing and do it well".
participants (2)
-
Peter Ross -
Trent W. Buck