Overview
Explore the critical security challenges facing container runtimes and Unix programs through this conference talk that examines filesystem-based attacks and path safety vulnerabilities. Delve into the decade-long history of confused-deputy style attacks targeting container runtimes, with particular focus on recent CVEs (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) that have affected runc and other container systems. Learn about the fundamental issues that make filesystem APIs like /proc attractive targets for attackers and understand why traditional mitigation approaches have fallen short. Discover ongoing kernel development efforts aimed at simplifying path safety implementations and gain insights from real-world experience migrating container runtime codebases to path-safety-focused designs. Get an update on libpathrs, a library designed to help Linux programs more easily defend against these types of attacks, and understand the broader implications for Unix system security beyond just containerization.
Syllabus
Path Safety in the Trenches - Aleksa Sarai (SUSE LLC)
Taught by
Linux Plumbers Conference