Source code sandboxing
DevSecFlops
Sandboxing is when a developer limits the system resources available
to a program from within its own source code. A classic example is
calling chroot(2) to change the root file-system to an empty directory
so that the program cannot scribble into the root file-system.
int main(void) {
    /* Program has full file-system access. */
    chroot("/var/empty");
    chdir("/");
    /* File-system root re-rooted in /var/empty. */
    int fd = open("/e...
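The snippet above does not check the return values of chroot(2) and chdir(2), so a failed call would leave the program running with full file-system access. The following is an added example, not code from the original article: a checked version that also drops root privileges, since a process that remains root can leave a chroot. The helper name `sandbox_chroot`, the uid/gid 65534 and the probed path `/bin/sh` are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE	/* chroot(2), setgroups(2) on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Re-root the process in `dir`, then permanently drop to uid/gid.
 * Returns 0 on success, -1 with errno set by the first failing step.
 * Hypothetical helper: name and parameters are chosen for this example.
 */
int
sandbox_chroot(const char *dir, uid_t uid, gid_t gid)
{
	/* Enter the directory first so the cwd is inside the new root. */
	if (chdir(dir) == -1)
		return -1;
	if (chroot(".") == -1)
		return -1;	/* EPERM unless the caller is privileged */
	if (chdir("/") == -1)
		return -1;
	/* A process that stays root can leave a chroot, so drop privileges:
	 * supplementary groups, then gid, then uid (uid last, because the
	 * earlier calls need the privilege that setuid gives up). */
	if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
		return -1;
	/* Verify the drop is permanent: regaining uid 0 must fail. */
	if (uid != 0 && setuid(0) != -1) {
		errno = EPERM;
		return -1;
	}
	return 0;
}

int
main(void)
{
	/* Constructed values: /var/empty as on the page, 65534 as "nobody". */
	if (sandbox_chroot("/var/empty", 65534, 65534) == -1) {
		perror("sandbox_chroot");
		return 1;	/* never continue unsandboxed */
	}
	/* Paths now resolve inside the empty root, so this open must fail. */
	int fd = open("/bin/sh", O_RDONLY);
	printf("open after chroot: %s\n", fd == -1 ? "denied" : "succeeded");
	return fd == -1 ? 0 : 1;
}
```

Run as root to see the full sequence; as an unprivileged user the helper stops at chroot(2) with EPERM and the program exits instead of continuing without the sandbox.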
Read more at kristaps.bsd.lv