Techniques for Writing Secure Code

Sandboxing (chroot on Unix)

• Probably require assistance from the BOFH

• Application should run as unprivileged user in sandbox

• If application is cracked, user sees only a tiny portion of the filesystem, and can do minimal damage to the machine