Speaker
Description
Over the past decade (or three) of container runtimes on Linux, the attacks against container runtimes with the most bang-for-your-buck have generally been filesystem related—often in the form of a confused-deputy style attack. In particular, the past few years have seen quite a few security issues of this form, including a series of issues in runc (the most popular container runtime, used by Kubernetes and Docker).
However, this is far from a container-specific issue. Many Unix programs have historically suffered from similar issues, and the various attempts at resolving it have not really measured up.
This talk will go through the myriad of issues necessary to protect user space programs against these kinds of attacks, completed and ongoing kernel work to try to make these problems easier to resolve, and our experience migrating a container runtime's codebase to a design which emphasises path-safety.