architectural-comparison

1 article
sort: new top best
clear filter
bug-bounty529 xss292 rce171 google149 account-takeover120 exploit119 facebook118 bragging-post118 malware105 privilege-escalation104 microsoft101 open-source94 authentication-bypass90 csrf89 cve82 stored-xss75 access-control75 ai-agents65 web-security64 phishing63 reflected-xss63 writeup56 input-validation52 ssrf51 reverse-engineering51 cross-site-scripting50 sql-injection50 smart-contract49 information-disclosure49 defi48 apple48 tool47 api-security46 ethereum45 privacy44 vulnerability-disclosure43 browser39 opinion39 llm38 web-application38 burp-suite37 ai-security37 web337 race-condition36 automation36 remote-code-execution36 responsible-disclosure35 supply-chain35 dos35 lfi34
0 7/10
FreeBSD Capsicum vs. Linux Seccomp Process Sandboxing
research

Comprehensive technical comparison of FreeBSD's Capsicum and Linux's seccomp-bpf sandboxing models, analyzing their opposite architectural philosophies (capability subtraction vs. syscall filtration) and demonstrating why Capsicum's structural approach is immune to bypass vulnerabilities like CVE-2022-30594 that affect filter-based systems.

sandboxing capsicum seccomp freebsd linux process-isolation capability-based-security syscall-filtering privilege-restriction ambient-authority tcpdump architectural-comparison cve-2022-30594
FreeBSD Linux Capsicum seccomp seccomp-bpf Robert Watson Jonathan Anderson Andrea Arcangeli Will Drewry CVE-2022-30594 USENIX Security tcpdump BPF PTRACE_SEIZE
vivianvoss.net · vermaden · 5 days ago · details · hn