Menu
Menu
Privilege separation is a programming technique which splits a program into distrinct units. Each unit then performs part of the task, but in a distinct security domain. Theo presents the recent development of the pledge(2) subsystem in OpenBSD which led to some surprising advances in this technique.