On Thu, 11 Dec 2014 21:44:45 Ray Dillinger wrote:

>On 12/10/2014 05:13 PM, Bill Frantz wrote:
>> More importantly, we should automatically open any program in a limited
>> authority space which limits its ability to access/change things to
>> "need to know".
>Right now there do not seem to be any capability-based secure
>Operating systems that have reached a level of development
>making them viable as real options for real companies to be
>using for everyday work.
>Could this be fixed?
>			Bear

CAPSICUM _has been there_ for BSD and Linux for more than a year, but still has
not got enough traction so that applications really use it. In principle
capsicum provides a means to sandbox certain parts of an existing
application, but the application itself would have to be rewritten to use
the new features. Your email client example should be an interesting
candidate for such a rewrite.

In their one-year-old paper the University of Cambridge Computer
Laboratory state:

"We hope to kick off a new batch of application adaptation in coming 
months — as well as integration with features such as DNSSEC. However, we 
also need your help in adapting applications to use Capsicum on systems 
that support it!"

Looks like the necessary help hasn't been there.