I’m pleased to announce that the work on sandboxing the
dd utility using Capsicum framework has been successfully completed and from today it’s available in FreeBSD-CURRENT.
Sandboxing base utilities increases the security of all tools using them.
dd is often used when working with images and Capsicum provides additional layer of protection from malicious actions.
I hope to see it in the 11.1-RELEASE sometime in the next year.
I continue to work on sandboxing
bhyve and other utilities from base system.
The work was sponsored by Mysterious Code Ltd.