(no title)
hayali
|
1 year ago
In this talk, I will introduce Syd, a GPL-3 licensed, rock-solid application kernel designed for sandboxing applications on Linux systems (version 5.19 and above). Over the past 16 years, Syd has evolved from a tool used within Exherbo Linux to detect package build mishaps into a robust security boundary for applications. The recent rewrite in Rust leverages modern Linux APIs such as seccomp-unotify(2), openat2(2), and pidfd_getfd(2) to eliminate time-of-check to time-of-use (TOCTTOU) vulnerabilities, which is essential for building a secure sandbox.
No comments yet.