# Capsicum (bigger and badder sandboxing)



## paean (Jun 2, 2010)

I was thrilled to read about Robert Watson's Capsicum this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.  

Previously, I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin

Thank you Mr Watson.


----------



## z3R0 (Jun 8, 2010)

I'm curious to see how this compares to FreeBSD Jails and if it has any advantages over it. I doubt its more powerful then Jails. Is Capsicum in the kernel, can it manage resources like Jails?

z3r0



			
				paean said:
			
		

> I was thrilled to read about Robert Watson's Capsicum this morning. It would appear FreeBSD will be getting bigger and badder sandboxing capabilities. Having read a portion of Mr Watson's paper, it appears that Capsicum will fundamentally and drastically extend program separation and overall security in FreeBSD.
> 
> Previously, I'd asked for tips on securing a web browser and its environment, and received some informed responses. Given that the work on Capsicum has been joined at the hip with Chromium, this is as good of a response as I could have hoped for! :beergrin
> 
> Thank you Mr Watson.


----------



## graudeejs (Jun 8, 2010)

ATM I got to 5th page... very interesting


----------

