0
[$] The difficulty of safe path traversal
Aleksa Sarai, as the maintainer of the
runc container runtime, faces a
constant battle against security problems. Recently, runc has seen
another
instance of a security vulnerability that can be traced back to the difficulty
of handling file paths on Linux. Sarai spoke at the 2025
Linux Plumbers Conference
(slides;
video)
about
some of the problems runc has had with path-traversal vulnerabilities, and to
ask people to please use
libpathrs, the library that he has been developing for
safe path traversal.
runc container runtime, faces a
constant battle against security problems. Recently, runc has seen
another
instance of a security vulnerability that can be traced back to the difficulty
of handling file paths on Linux. Sarai spoke at the 2025
Linux Plumbers Conference
(slides;
video)
about
some of the problems runc has had with path-traversal vulnerabilities, and to
ask people to please use
libpathrs, the library that he has been developing for
safe path traversal.
Anonymous