"Arbitrary File Read via file:// Protocol in cURL"

Well, you see... 🤦‍♂️

OVER x SLIDES & VIDEOS

📣 #pts25 is now over, thanks so much to our speakers and attendees for their kindness and generosity 🙏

🚨 As always, due to the fantastic job of the team 🔥, you can browse/follow *all* talks:

📖 Slides: https://archives.pass-the-salt.org/Pass%20the%20SALT/2025/slides/
🎦 Videos : https://passthesalt.ubicast.tv/channels/#2025

Thanks again & we wish you a fantastic summer ❤️ 😎

Just for future reference and if anyone is curious: the seventeen AI slop security reports submitted to #curl (so far):

https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

Maybe this will come handy.

If you're attending the Linux Security Summit in Europe this year, don't miss the talk from @l0kod on the long journey to supporting code integrity in dynamic runtimes!

https://lsseu2025.sched.com/event/25GEQ

Background on the Kernel support for this that just recently merged: https://docs.kernel.org/userspace-api/check_exec.html

TIL that because the FFmpeg project has gained so much experience in hand-writing assembly code to provide huge speedups, they now are putting together a series of lessons for learning assembly:

Vibe coding is fun and all, but this is probably a better use of time!

https://github.com/FFmpeg/asm-lessons

New blog post (about an old exploit): tachy0n.

For iOS 13.0-13.5, dropped as an 0day at the time.

https://blog.siguza.net/tachy0n/