I’m pleased to announce that the work on sandboxing the dd utility using Capsicum framework has been successfully
completed and from today it’s available
in FreeBSD-CURRENT.
Sandboxing base utilities increases the security of all tools using them. dd is often used when working with images
and Capsicum provides additional layer of protection from malicious actions. I hope to see it in the **
11.1-RELEASE** sometime in the next year.
I continue to work on sandboxing bhyve and other utilities from base system.
The work was sponsored by Mysterious Code Ltd.
