
Secure Path Operations and Libpathrs - Aleksa Sarai, Independent
Container runtimes and other privileged system tools have historically struggled to operate safely on a path within a directory tree controlled by a malicious user. libpathrs is an open source Rust library that makes these path operations easy to do safely (leveraging relatively new kernel features such as openat2 when possible). It also provides other path-related utilities, such as safe wrappers for operating on procfs files. The goal is to finally close the book on the path attacks that have plagued Unix programs since Unix's inception.
These kinds of issues have become quite prevalent over the past few years, so this talk goes through the series of recent runc security vulnerabilities to show how easy it is to introduce path-based security bugs (even in fairly vigilant programs), and gives practical examples of how these kinds of holistic protections can help protect all kinds of system programs (not just container runtimes).
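To make the problem in the abstract concrete, here is an added example (not libpathrs code and not from the talk) of a plain `openat` on an untrusted tree beside a confined open. `open_beneath` and `demo` are hypothetical names, and the walk is a simplified userspace stand-in that rejects every symlink and every `..` component, which is stricter than resolving them inside the root and does not use openat2.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` beneath `rootfd` one component at a time with O_NOFOLLOW, refusing ".."
 * and any symlink, so nothing planted in the tree can redirect the walk. */
int open_beneath(int rootfd, const char *path, int flags) {
    char buf[4096], *save = NULL;
    if (strlen(path) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, path);
    int dirfd = dup(rootfd);
    if (dirfd < 0) return -1;
    char *comp = strtok_r(buf, "/", &save);
    while (comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (!strcmp(comp, "..")) { close(dirfd); errno = EXDEV; return -1; }
        /* Intermediate components must be real directories; the last uses the caller's flags. */
        int f = next ? (O_PATH | O_DIRECTORY) : flags;
        int fd = openat(dirfd, comp, f | O_NOFOLLOW | O_CLOEXEC);
        int saved = errno;
        close(dirfd);
        if (fd < 0) { errno = saved; return -1; }
        dirfd = fd;
        comp = next;
    }
    return dirfd;
}

/* Constructed sample tree: root/data/ok is a regular file, root/link is a symlink to a
 * directory outside the root. Returns 15 when every expectation holds. */
int demo(void) {
    char top[] = "/tmp/pathdemo-XXXXXX";
    if (!mkdtemp(top)) return -1;
    int t = open(top, O_RDONLY | O_DIRECTORY);
    mkdirat(t, "root", 0700); mkdirat(t, "root/data", 0700);
    close(openat(t, "secret", O_CREAT | O_WRONLY, 0600));
    close(openat(t, "root/data/ok", O_CREAT | O_WRONLY, 0600));
    symlinkat(top, t, "root/link");                     /* points outside the root */
    int root = openat(t, "root", O_RDONLY | O_DIRECTORY);
    int naive = openat(root, "link/secret", O_RDONLY);  /* plain openat follows the link out */
    int ok = open_beneath(root, "data/ok", O_RDONLY);
    int via_link = open_beneath(root, "link/secret", O_RDONLY);
    int via_dots = open_beneath(root, "data/../../secret", O_RDONLY);
    return (naive >= 0) | (ok >= 0) << 1 | (via_link < 0) << 2 | (via_dots < 0) << 3;
}
```

`demo` leaves its temporary directory and descriptors behind for inspection; a long-running program would close and remove them.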
The Linux Foundation