I’m pleased to announce that the work on sandboxing the
dd
utility using Capsicum framework has been successfully completed and from today it’s available in FreeBSD-CURRENT.
Sandboxing base utilities increases the security of all tools using them. dd
is often used when working with images and Capsicum provides additional layer of protection from malicious actions.
I hope to see it in the 11.1-RELEASE sometime in the next year.
I continue to work on sandboxing bhyve
and other utilities from base system.
The work was sponsored by Mysterious Code Ltd.
Leave a comment