Security Problems with Symbolic Links in UNIX File Systems

Explore a technical conference talk from the Storage Developer Conference 2022 that delves into the security vulnerabilities and design flaws introduced by symbolic links in the UNIX Filesystem API. Learn about CVE-2021-20316 and how it exposed fundamental problems with symbolic links that originated in 4.2BSD Unix from U.C. Berkeley. Discover the security implications, necessary API patches, and potential solutions for a more secure Linux future. Google/Samba Team member Jeremy Allison explains how to identify and address symbolic link security issues, implement proper code fixes, and leverage the latest Linux innovations to mitigate these vulnerabilities. Gain practical insights into filesystem security, symbolic link management, and modern Linux security features during this 54-minute presentation.