lists | 13 Aug 01:45 2010
Picon

Capsicum: practical capabilities for UNIX

http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/

Capsicum: practical capabilities for UNIX

August 12th, 2010 at 02:57 UTC by Robert N. M. Watson

Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I
presented Capsicum: practical capabilities for UNIX at the 19th
USENIX Security Symposium in Washington, DC; the slides can
be found on the Capsicum web site. We argue that capability
design principles fill a gap ....

http://www.cl.cam.ac.uk/research/security/capsicum/
John Carlson | 13 Aug 02:59 2010
Picon
Picon

Re: Capsicum: practical capabilities for UNIX

What kind of capabilities do you have for the desktop?  What kinds of permissions are available for the
desktop?  Who can open, read, change, close a window?  Can I pass desktop privileges to other desktops?

John
On Aug 12, 2010, at 4:45 PM, lists@... wrote:

> http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
> 
> Capsicum: practical capabilities for UNIX
> 
> August 12th, 2010 at 02:57 UTC by Robert N. M. Watson
> 
> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I
> presented Capsicum: practical capabilities for UNIX at the 19th
> USENIX Security Symposium in Washington, DC; the slides can
> be found on the Capsicum web site. We argue that capability
> design principles fill a gap ....
> 
> http://www.cl.cam.ac.uk/research/security/capsicum/
> _______________________________________________
> cap-talk mailing list
> cap-talk@...
> http://www.eros-os.org/mailman/listinfo/cap-talk
John Carlson | 13 Aug 03:05 2010
Picon
Picon

Re: Capsicum: practical capabilities for UNIX

Ah, now I see the chromium thing.  Interesting...

John
On Aug 12, 2010, at 5:59 PM, John Carlson wrote:

> What kind of capabilities do you have for the desktop?  What kinds of permissions are available for the
desktop?  Who can open, read, change, close a window?  Can I pass desktop privileges to other desktops?
> 
> 
> John
> On Aug 12, 2010, at 4:45 PM, lists@... wrote:
> 
>> http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
>> 
>> Capsicum: practical capabilities for UNIX
>> 
>> August 12th, 2010 at 02:57 UTC by Robert N. M. Watson
>> 
>> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I
>> presented Capsicum: practical capabilities for UNIX at the 19th
>> USENIX Security Symposium in Washington, DC; the slides can
>> be found on the Capsicum web site. We argue that capability
>> design principles fill a gap ....
>> 
>> http://www.cl.cam.ac.uk/research/security/capsicum/
>> _______________________________________________
>> cap-talk mailing list
>> cap-talk@...
>> http://www.eros-os.org/mailman/listinfo/cap-talk
> 
(Continue reading)

lists | 13 Aug 14:08 2010
Picon

Re: Capsicum: practical capabilities for UNIX

John Carlson writes:

> What kind of capabilities do you have for the desktop? ...

Are you addressing Ben?  He's one of the perpetrators of this scheme.
Mike Samuel | 16 Aug 20:14 2010
Picon

OWASPs talk on ocaps

Jasvir and I gave a talk at an OWASP conference in June on how ocaps
and virtualization can be used in tandem to bolt new security policies
onto systems with hard legacy constraints.

The video and slides are now up at http://owasp.blip.tv/file/3917705/

Also of interest might be Sergio Maffei's talk "#(New) Object
Capabilities and Isolation of Untrusted Web Applications."
(video: http://owasp.blip.tv/file/3918179/ , slides:
http://www.owasp.org/images/0/0c/OWASP_AppSec_Research_2010_Obj_Capabilities_by_Maffeis.pdf
)

cheers,
mike

Gmane