back

Check your privileges!

How to drop more of your privileges to reduce attack surface.

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:00:47
Language
English
Abstract
After defensive programming techniques and before attack method mitigations, the least privilege principle is our strongest weapon against exploitation. Much of the focus has been on how the admin can sandbox processes away.

A recent development is the idea that the process itself can „sandbox itself away“. This talk explores how that works in practice and is aimed at interested programmers.

This talk will mostly focus on seccomp-filter and namespaces on Linux, but it will also talk about capsicum (FreeBSD) and tame (OpenBSD), and old-school methods like ptrace and chroot, and cover capabilities. Also maybe a bit about systrace/selinux style approaches where the admin sets the profile from the outside, and why I chose to focus on letting the app sandbox itself instead.

Talk ID
7284
Event:
32c3
Day
3
Room
Hall 2
Start
4 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Fefe
Talk Slug & media link
32c3-7284-check_your_privileges
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 10 months ago