Date Added: Apr 2010
In many designs, the slightest error in the source code may become an exploitable vulnerability, granting an attacker barely restricted or unrestricted access to a system. This paper will first show how to design code to be more robust against well-known classes of vulnerabilities and, second, how to generically mitigate the consequences of such a vulnerability by dropping privileges and reducing attack surface. Linux offers a surprising number of options for managing privileges, but using them correctly tends to be nuanced. The paper discusses the technical aspects of the various options and explains how to combine them to raise the bar for a sophisticated attacker attempting a system compromise.
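The abstract mentions dropping privileges as a generic mitigation and notes that the Linux options for doing so are nuanced. The following is an added example, not code from the paper or its authors, illustrating one of those nuances on glibc/Linux: the order in which supplementary groups, group ids and user ids must be dropped, the use of setresuid()/setresgid() so that the saved ids are also changed, and a check that the drop is actually irreversible. The function names drop_privileges() and privileges_dropped() are this example's own, and the choice of "target" ids is left to the caller.

```c
/* Added example: permanently drop to an unprivileged uid/gid on Linux.
 * _GNU_SOURCE must be defined before any include to expose setresuid()
 * and friends from <unistd.h> on glibc. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes, redundant on glibc with _GNU_SOURCE but kept so the
 * file compiles regardless of feature-macro ordering in the build. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Drop to target_uid/target_gid for good. Order matters: supplementary
 * groups first, then gid, then uid, because once the effective uid is
 * non-zero the process can no longer change its groups or gid.
 * setresuid()/setresgid() are used rather than setuid()/setgid() so that
 * the saved ids are changed too; otherwise a later setuid(0) could
 * restore root. Returns 0 on success, -1 (with errno set) on failure. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    /* Only root may call setgroups(); an unprivileged process keeps
     * whatever supplementary groups it already has. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(target_gid, target_gid, target_gid) != 0)
        return -1;
    if (setresuid(target_uid, target_uid, target_uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop: all three uids and gids must equal the targets, and
 * if the target is not root, regaining uid 0 must fail. Returns 1 if the
 * process is confirmed to be running as the target ids, 0 otherwise. */
int privileges_dropped(uid_t target_uid, gid_t target_gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    if (ru != target_uid || eu != target_uid || su != target_uid)
        return 0;
    if (rg != target_gid || eg != target_gid || sg != target_gid)
        return 0;
    /* The decisive check: a drop that left saved uid 0 behind (e.g. via
     * setuid() on a non-root effective uid) would let this succeed. */
    if (target_uid != 0 && setuid(0) == 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Assumed demo targets: uid/gid 65534 is "nobody" on many systems.
     * When not started as root, drop to our own ids so the example still
     * runs and the verification logic can be exercised. */
    uid_t target_uid = (geteuid() == 0) ? (uid_t)65534 : getuid();
    gid_t target_gid = (geteuid() == 0) ? (gid_t)65534 : getgid();

    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    if (!privileges_dropped(target_uid, target_gid)) {
        fprintf(stderr, "privilege drop could not be verified\n");
        return 1;
    }
    printf("running as uid %u gid %u, drop verified\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

Run it as root to watch the drop to the assumed "nobody" ids, or as a normal user to see the verification path without any privilege change. The setuid(0) probe in privileges_dropped() is the part that catches the classic mistake of using setuid() alone in a setuid-root binary, which changes the effective uid but can leave the saved uid at 0.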