Presented by

  • David Leadbeater

    https://dgl.cx

    David is an open source software engineer for G-Research, a leading UK-based quantitative research and technology firm. Previously he worked as a Site Reliability Engineer and applies concepts he learnt in that role to security. His interest in security is wide-ranging, from Linux containerisation to networks, with a deep knowledge of DNS (including releasing fun toys like "Wordle over DNS"). He aims to find more CVEs than he creates.

Abstract

Security is often about defence in depth. I'll explore how several open source terminals and tools had vulnerabilities that, when combined, led to remote code execution in surprising circumstances. I'll then look at how some of these vulnerabilities can be fixed, what all developers who develop for Unix and Windows should be aware of, and a method for protecting against these issues in general.

YouTube: https://www.youtube.com/watch?v=4kfDBNzStbs

LA Archive: http://mirror.linux.org.au/pub/everythingopen/2023/clarendon_room_a/Tuesday/Houdini_of_the_Terminal_The_need_for_escaping.webm