Check your privileges!: How to drop more of your privileges to reduce attack surface.

Presented at 32C3 (2015), Dec. 29, 2015, 4 p.m. (60 minutes).

After defensive programming techniques and before exploit mitigations, the principle of least privilege is our strongest weapon against exploitation. Much of the focus so far has been on how the administrator can sandbox processes away from the outside.

A recent development is the idea that the process itself can "sandbox itself away". This talk explores how that works in practice and is aimed at interested programmers.

This talk will mostly focus on seccomp-filter and namespaces on Linux, but it will also cover Capsicum (FreeBSD) and tame (OpenBSD), old-school methods like ptrace and chroot, and capabilities. It may also touch on systrace/SELinux-style approaches, where the admin sets the profile from the outside, and explain why I chose to focus on letting the application sandbox itself instead.


Presenters:

  • Fefe
    Has been hanging around the Chaos Communication Congress every year since what feels like 1980 and occasionally gives talks. Runs a blog (link below). Actually quite approachable. More approachable than you would think, anyway. Exceptions prove the rule.

Links: