Add Capsicum entry from emaste

svn path=/head/; revision=49584

en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml

@@ -1917,4 +1917,160 @@
       <p>George attended the ARM Partner Meeting in Cambridge.</p>
     </body>
   </project>
+
+  <project cat='proj'>
+    <title>Capsicum Update</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Allan</given>
+	  <common>Jude</common>
+	</name>
+	<email>allanjude@FreeBSD.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Baptiste</given>
+	  <common>Daroussin</common>
+	</name>
+	<email>bapt@FreeBSD.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Conrad</given>
+	  <common>Meyer</common>
+	</name>
+	<email>cem@FreeBSD.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Ed</given>
+	  <common>Maste</common>
+	</name>
+	<email>emaste@FreeBSD.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Mariusz</given>
+	  <common>Zaborski</common>
+	</name>
+	<email>oshogbo@FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://wiki.FreeBSD.org/Capsicum">Capsicum Wiki Page</url>
+    </links>
+
+    <body>
+      <p>Several developers have undertaken a recent effort to
+	sandbox additional applications in the base system.
+	This work is proceeding nicely and one of the goals is to target
+	basic utilities used in security sensitive applications, like
+	<tt>freebsd-update</tt> and <tt>portsnap</tt>.</p>
+
+      <p>This work higlighted two longstanding challenges in
+	applying Capsicum.  First, there are a number of common
+	constructs shared by many simple programs, such as limiting
+	capability rights on the stdio file descriptors.  To address
+	this, a set of capsicum helper routines have been added for
+	these common cases.</p>
+
+      <p>Second, a common challenge occurs where applications need
+	to open an arbitrarily large number of files, possibly from
+	various directories, where preopening the file descriptors may
+	not be suitable.  Several possible solutions for this are in
+	discussion.</p>
+
+      <p>Recently Capsicumized utilities include:</p>
+
+      <ul>
+	<li><tt>bspatch</tt></li>
+
+	<li><tt>cmp</tt></li>
+
+	<li><tt>ident</tt></li>
+
+	<li><tt>primes</tt></li>
+
+	<li><tt>tee</tt></li>
+
+	<li><tt>tr</tt></li>
+
+	<li><tt>write</tt></li>
+      </ul>
+
+      <p>Additional Capsicum changes are in review:</p>
+
+      <ul>
+	<li><tt>b64decode</tt>, <tt>b64encode</tt>,
+	  <tt>uudecode</tt>, <tt>uuencode</tt></li>
+
+	<li><tt>brandelf</tt></li>
+
+	<li>dma-mbox-create</li>
+
+	<li>elf2aout</li>
+
+	<li><tt>file</tt></li>
+
+	<li><tt>head</tt></li>
+
+	<li><tt>hexdump</tt></li>
+
+	<li><tt>iconv</tt></li>
+
+	<li><tt>ident</tt></li>
+
+	<li><tt>jot</tt></li>
+
+	<li><tt>ktrdump</tt></li>
+
+	<li><tt>lam</tt></li>
+
+	<li><tt>last</tt></li>
+
+	<li><tt>ministat</tt></li>
+
+	<li><tt>praudit</tt></li>
+
+	<li><tt>strings</tt></li>
+      </ul>
+
+      <p>An additional syscall (<tt>getdtablesize</tt>) and
+	additional sysctls (<tt>kern.proc.nfds</tt>,
+	<tt>kern.hostname</tt>, etc.) are now permitted in capability
+	mode.  </p>
+
+      <p>Capability rights are now propagated to child descriptors on
+	accept(2).</p>
+
+      <p>Capsicum is now enabled in the 32-bit compatibility syscall
+	layer.</p>
+
+      <p>Per-process (<tt>procctl</tt>) and global (<tt>sysctl</tt>)
+	settings have been added to aid in debugging while
+	Capsicumizing existing applications.  When enabled, instead of
+	returning ENOTCAPABLE or ECAPMODE for a system call, the
+	kernel will issue a SIGTRAP to generate a core dump or enter
+	the debugger.  </p>
+    </body>
+
+    <sponsor>
+      Dell EMC Isilon
+    </sponsor>
+
+    <sponsor>
+      ScaleEngine Inc.
+    </sponsor>
+
+    <sponsor>
+      The FreeBSD Foundation
+    </sponsor>
+  </project>
 </report>