oxzi
Computer programs run with all privileges of the running user. If your user can read your emails, then so can any other program you run. However, many programs do not need most permissions and perhaps should not have them at all.
This workshop demonstrates quite simple ways in which software can self-restrict itself. The focus will not be on foreign, potentially malicious software, but on hardening programs against misconduct and future security vulnerabilities.
Several operating systems have developed different interfaces that restrict software beyond its normal scope. This workshop will focus on POSIX and especially OpenBSD because of its user-friendly APIs. Although other operating systems, such as Linux, will be discussed, they will not be covered in depth due to their more complicated APIs.
Within the workshop part, software with known security vulnerabilities is then patched together - usually with almost a single line. Ideally, an exploit has hardly any effect afterwards, although the vulnerability is still present. This is not intended to encourage carelessness, but rather to demonstrate the development of a further safety net for software.
A basic understanding of programming is required and, more importantly, an interest in the topic. You will need to bring an SSH client, for example a laptop with (almost) any operating system.
The language will be either English or German, depending on who shows up.