Sandboxing in Linux with Zero Lines of Code

Explore the powerful Linux seccomp tool for sandboxing running processes and enhancing application security in this conference talk from NDC Security 2024. Discover how seccomp provides fine-grained controls for processes to declare permitted and restricted actions in advance, often with zero performance overhead. Learn about the challenges developers face in implementing seccomp, including the focus on functionality over security and the lack of easy-to-use abstractions for high-level programming languages. Delve into potential approaches for sandboxing any application in any programming language without writing code, examining their advantages and disadvantages. Gain insights into improving application security and mitigating potential damage from code exploitation without compromising development efficiency.

Sandboxing in Linux with zero lines of code - Ignat Korchagin - NDC Security 2024