David Chisnall looks at Capsicum, a new capability-oriented security model in FreeBSD 9, and how it can be used to implement reduced and separated privilege with small modifications to existing applications.

Read the article: Capsicum: Lightweight Isolation for FreeBSD Processes