My text. There I explain the basics on how to properly sandbox (discretionary privilege dropping) programs written using Emilua (the ASIO-based execution engine for Lua programs).

I've tried my best to make the text hopefully useful to programmers from any language so the few Lua samples in the article are only there to illustrate the concepts. Some of the topics found in the article:

* UNIX basics focusing on Linux and FreeBSD.
* General sandboxing concepts and how to apply them in Linux and FreeBSD.
* The actor model and capability-based security (and how to combine them).
* Oblivious sandboxing to run/reuse unmodified code within sandboxes.
* Threat models.
* Seccomp, Landlock, Capsicum, ...
* A few guidelines for the C programmer.