Capsicum (Unix)

Capsicum is an implementation of capability-based security for UNIX and similar systems. Presented at USENIX 2010, it has been part of FreeBSD since the 9.0 release. It has also been adapted to DragonflyBSD in the form of kernel patches.[1] Further technical details can be found in the Ph.D. thesis[2] by Robert Watson.

Capsicum works by splitting the normal set of process permissions into very small pieces. When a process enters Capsicum's capability mode, it loses all of the permissions normally associated with its controlling user and keeps only the "capabilities" it already holds in the form of file descriptors. A process can also receive capabilities over Unix sockets. These file descriptors govern access not only to the file system but also to other resources such as network sockets, and per-descriptor flags restrict the operations allowed on each one, such as reading or writing.[3]
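The descriptor-as-capability model described above, as an added example that is not code from the Capsicum project or the cited papers: a parent process opens a constructed input file read-write, shrinks that descriptor to a read-only capability with cap_rights_limit(), and forks a child that calls cap_enter(). The child then checks that the capability still reads, that open() by path fails with ECAPMODE, and that write() through the limited descriptor fails with ENOTCAPABLE. The Capsicum calls are FreeBSD-only; on other systems they are compiled out and the demo reports the verdict 100 instead.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#define EXPECTED_VERDICT 0     /* all sandbox checks pass */
#else
#define EXPECTED_VERDICT 100   /* Capsicum is FreeBSD-only; example still compiles here */
#endif

/* Child side, run after cap_enter(): the pre-opened capability must still be readable,
 * open() by path must fail with ECAPMODE, write() on a CAP_PREAD-only fd with ENOTCAPABLE. */
static int sandboxed_checks(int fd, const char *path) {
#ifdef __FreeBSD__
    char buf[8];
    if (cap_enter() < 0) return 1;                                      /* could not sandbox */
    if (pread(fd, buf, 5, 0) != 5 || memcmp(buf, "hello", 5) != 0) return 2;
    if (open(path, O_RDONLY) >= 0 || errno != ECAPMODE) return 3;       /* ambient open leaked */
    if (write(fd, "x", 1) >= 0 || errno != ENOTCAPABLE) return 4;       /* rights not limited */
    return 0;
#else
    (void)fd; (void)path;
    return 100;
#endif
}

/* Parent side: create a constructed input file (O_RDWR descriptor), limit it to CAP_PREAD,
 * then fork the child; the parent itself never enters capability mode. */
int run_demo(void) {
    char path[] = "/tmp/capsicum-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "hello", 5) != 5) return -1;
#ifdef __FreeBSD__
    cap_rights_t rights;
    if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_PREAD)) < 0) return -1;
#endif
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(sandboxed_checks(fd, path));   /* child exits with its verdict */
    int status = 0;
    waitpid(pid, &status, 0);
    unlink(path);
    close(fd);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A non-zero verdict below 100 tells the parent which check the sandboxed child failed.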

  1. "Capsicum: practical capabilities for UNIX". Cambridge Computer Laboratory. Retrieved 8 April 2020.
  2. Watson, Robert N. M. (2012). "New approaches to operating system security extensibility". Cambridge Computer Laboratory. doi:10.48456/tr-818. Retrieved 1 April 2024.
  3. Edge, Jake (22 February 2012). "Capsicum: practical capabilities for UNIX". lwn.net.