- Add Q2 report on Capsicum-based sandboxing in base

Submitted by:	pjd

en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml

@@ -18,7 +18,7 @@
 
     <!-- XXX: keep updating the number of entries -->
     <p>Thanks to all the reporters for the excellent work!  This report
-      contains 16 entries and we hope you enjoy reading it.</p>
+      contains 17 entries and we hope you enjoy reading it.</p>
 
     <!-- XXX: set date for the next set of submissions -->
     <p>The deadline for submissions covering between July and September 2013
@@ -858,4 +858,102 @@
       </ul>
     </body>
   </project>
+
+  <project cat='bin'>
+    <title>Capsicum</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Pawel Jakub</given>
+	  <common>Dawidek</common>
+	</name>
+	<email>pjd@FreeBSD.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Capsicum</given>
+	  <common>Mailing List</common>
+	</name>
+	<email>cl-capsicum-discuss@lists.cam.ac.uk</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="http://www.cl.cam.ac.uk/research/security/capsicum/"/>
+      <url href="https://lists.cam.ac.uk/mailman/listinfo/cl-capsicum-discuss"/>
+    </links>
+
+    <body>
+      <p>Capsicum (lightweight OS capability and sandbox framework) is
+	being actively worked on.  In the last few months the following
+	tasks have been completed:</p>
+
+      <ul>
+	<li>Committed Capsicum overhaul to &os; <tt>head</tt> (r247602).
+	  This allows to use capability rights in more places, simplifies
+	  kernel code and implements ability to limit <tt>ioctl(2)</tt>
+	  and <tt>fcntl(2)</tt> system calls.</li>
+
+	<li><tt>hastd(8)</tt> is now using Capsicum for sandboxing, as
+	  whitelisting ioctls is possible (r248297).</li>
+
+	<li><tt>auditdistd(8)</tt> is now using Capsicum for sandboxing,
+	  as it is now possible to setup append-only restriction on file
+	  descriptor (available in Perforce).</li>
+
+	<li>Implemented <tt>connectat(2)</tt> and <tt>bindat(2)</tt>
+	  system calls for UNIX domain sockets that are allowed in
+	  capability mode (r247667).</li>
+
+	<li>Implemented <tt>chflagsat(2)</tt> system call
+	  (r248599).</li>
+
+	<li>Revised the Casper daemon for application capabilities.</li>
+
+	<li>Implemented <tt>libcapsicum</tt> for application
+	  capabilities.</li>
+
+	<li>Implemented various Casper services to be able to use more
+	  functionality within a sandbox: <tt>system.dns</tt>,
+	  <tt>system.pwd</tt>, <tt>system.grp</tt>,
+	  <tt>system.random</tt>, <tt>system.filesystem</tt>,
+	  <tt>system.socket</tt>, <tt>system.sysctl</tt>.</li>
+
+	<li>Implemented Capsicum sandboxing for <tt>kdump(1)</tt> (from
+	  r251073 to r251167).  The version in Perforce also supports
+	  sandboxing for the <tt>-r</tt> flag, using Casper
+	  services.</li>
+
+	<li>Implemented Capsicum sandboxing for <tt>dhclient(8)</tt>
+	  (from r252612 to r252697).</li>
+
+	<li>Implemented Capsicum sandboxing for <tt>tcpdump(8)</tt>
+	  (available in Perforce).</li>
+
+	<li>Implemented Capsicum sandboxing for <tt>libmagic(3)</tt>
+	  (available in Perforce).</li>
+
+	<li>Implemented the <tt>libnv</tt> library for name/value pairs
+	  handling in the hope of wider adaptation across &os;.</li>
+      </ul>
+
+      <p>For Capsicum-based sandboxing in the &os; base system, the
+	commits referenced above and the provided code aim to serve as
+	examples.  We would like to see more &os; tools to be sandboxed
+	&mdash; every tool that can parse data from untrusted sources,
+	for example.</p>
+
+      <p>This work is being sponsored by the &os; Foundation and
+	Google.</p>
+    </body>
+
+    <help>
+      <task>Get involved, make the Internet finally(!) a secure place.
+	Contact us at the <tt>cl-capsicum-discuss</tt> mailing list,
+	where we can provide guidelines on how to do sandboxing
+	properly.  The fame is there, waiting.</task>
+    </help>
+  </project>
 </report>