Hacker News new | past | comments | ask | show | jobs | submit login

Not really -- I'm not involved with capsicum, either as a developer or as a user (yet... I'm waiting for this project to make it easier for me to integrate capsicum into my code). What I know is just based on talking to the people behind capsicum.

The best information is on the Capsicum website: http://www.cl.cam.ac.uk/research/security/capsicum/

Particularly interesting bits:

chromium-capsicum - a version of Google's Chromium web browser that uses capability mode and capabilities to provide effective sandboxing of high-risk web page rendering.

Library self-compartmentalization - we are adapting a number of commonly-used libraries, such as compression and image processing libraries, to automatically execute risky portions of their code in capability mode sandboxes. This will allow largely or entirely unmodified applications, such as web browers, to benefit from lightweight and easy-to-deploy sandboxing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: