Techly NewsGet the app

Get the latest tech news

Syd: An Introduction to Secure Application Sandboxing for Linux [video]


- Track: Security - Room: UB4.132 - Day: Saturday - Start: 10:30 - End: 11:00 - Video only: ub4132 - Chat: Join the conversation! In this talk, I will introduce Syd, a GPL-3 licensed, rock-solid application kernel designed for sandboxing applications on Linux systems (version 5.19 and above). Over the past 16 years, Syd has evolved from a tool used within Exherbo Linux to detect package build mishaps into a robust security boundary for applications.

Syd aims to provide a simple interface over complex Linux sandboxing mechanisms -- including Landlock LSM, namespaces, ptrace(2), and seccomp-BPF/Notify-- which are often considered brittle and difficult to use. This approach is somewhat similar to OpenBSD's pledge(2) system call, offering a practical way to restrict application behavior. I will also discuss how Syd addresses common security challenges such as TOCTOU issues and side-channel attacks, aligning with a threat model similar to that of seccomp.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Linux

Linux

Photo of video

video

Photo of introduction

introduction

Related news:

News photo

Linux 6.13 Performance For 250Hz vs. 1000Hz Timer Frequency Comparison

News photo

Adobe to Charge 50 Cents Per AI Video in New Product Launch

News photo

'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters

« Go Away Green
YouTube TV reportedly fixing an outage that affected a few major free channels »