libpathrs: securing path operations for system tools (asg2024) episode artwork

EPISODE · Sep 26, 2024 · 23 MIN

libpathrs: securing path operations for system tools (asg2024)

from Chaos Computer Club - archive feed · host Aleksa Sarai

Container runtimes and other privileged system management tools have historically struggled with safely operating on a path within a directory tree controlled by a malicious user. [libpathrs][] is a library which makes it easy to do said path operations, as well as providing some other safe path-related utilities such as providing safe wrappers to operate on procfs files in a safe way. [libpathrs]: https://github.com/openSUSE/libpathrs As part of the kernel work on openat2(2) and continuing kernel work to make magic-links safer (against both confused deputy attacks and resource re-opening attacks), the need for a library to make it easy to do all sorts of VFS operations safely became obvious, and so [libpathrs][] was born. [libpathrs][] uses openat2(2) if available, but has a fallback to the old fashioned (and more finicky) method of doing safe-ish path resolutions. This talk will talk about how [libpathrs][] works and how it can help secure container runtimes and privileged system management tools against attacks, as well as touching on some ongoing kernel work which would allow for even more hardening. After the talk, slides will be available from [my site](https://www.cyphar.com/talks). [libpathrs]: https://github.com/openSUSE/libpathrs Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/ZZFL7L/

Episode metadata supplied by the publisher feed · Published Sep 26, 2024

Container runtimes and other privileged system management tools have historically struggled with safely operating on a path within a directory tree controlled by a malicious user. [libpathrs][] is a library which makes it easy to do said path operations, as well as providing some other safe path-related utilities such as providing safe wrappers to operate on procfs files in a safe way. [libpathrs]: https://github.com/openSUSE/libpathrs As part of the kernel work on openat2(2) and continuing kernel work to make magic-links safer (against both confused deputy attacks and resource re-opening attacks), the need for a library to make it easy to do all sorts of VFS operations safely became obvious, and so [libpathrs][] was born. [libpathrs][] uses openat2(2) if available, but has a fallback to the old fashioned (and more finicky) method of doing safe-ish path resolutions. This talk will talk about how [libpathrs][] works and how it can help secure container runtimes and privileged system management tools against attacks, as well as touching on some ongoing kernel work which would allow for even more hardening. After the talk, slides will be available from [my site](https://www.cyphar.com/talks). [libpathrs]: https://github.com/openSUSE/libpathrs Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/ZZFL7L/

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

libpathrs: securing path operations for system tools (asg2024)

0:00 23:02

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts. Piramidi Club The Bitcoin Butcher La Migliore Pizza di Firenze Blue Light News Archive Blue Light News is an innovative new Internet radio show devoted to covering the news of Unicoi County in a unique and interesting way.

Frequently Asked Questions

How long is this episode of Chaos Computer Club - archive feed?

This episode is 23 minutes long.

When was this Chaos Computer Club - archive feed episode published?

This episode was published on September 26, 2024.

What is this episode about?

Container runtimes and other privileged system management tools have historically struggled with safely operating on a path within a directory tree controlled by a malicious user. [libpathrs][] is a library which makes it easy to do said path...

Can I download this Chaos Computer Club - archive feed episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!