The goal of this workshop is to understand how to sandbox an application with Landlock. We'll quickly explain what is Landlock and how it works, which will enable us to use the user space API and restrict a Linux process. We'll then exploit a vulnerable application (real exploit with an old version of ImageMagick), patch it to limit the scope of such an attack, and check how much effective it is.
Skills required for this workshop:
- fluent in C
- comfortable with Git
Attendees will need a working Linux system and to follow these instructions
before the workshop:
https://github.com/landlock-lsm/workshop-imagemagickWe cannot help you install or configure the requirements during the workshop.
