logo dotConferences

Privilege Separation and Pledge

Theo de Raadt at dotSecurity 2016

Privilege separation is a programming technique which splits a program into distrinct units. Each unit then performs part of the task, but in a distinct security domain. Theo presents the recent development of the pledge(2) subsystem in OpenBSD which led to some surprising advances in this technique.


To see the slides, you can click here