IBM / cloud-native-starter

Cloud Native Starter for Java/Jakarta EE based Microservices on Kubernetes and Istio
https://cloud-native-starter.mybluemix.net/
Apache License 2.0
518 stars 273 forks

Security Misconfigurations: true hostPID, true hostIPC, HTTP without TLS #69

Closed akondasif closed 3 years ago

akondasif commented 3 years ago

Dear Colleague,

We are looking to find ways to help developers find security misconfigurations, i.e., violation of security best practices in Kubernetes manifests. We have noticed an instance of hostPID: true in one of your Kubernetes manifests. Sharing the host's PID namespace allows visibility of processes on the host, potentially leaking information such as environment variables and configuration. For examples of Kubernetes security misconfigurations we are following our peer-reviewed publication on Kubernetes security best practices (https://arxiv.org/pdf/2006.15275.pdf).

Location of security anti-pattern: https://github.com/IBM/cloud-native-starter/blob/86d74e600ff3d69b48b7d7c10e86db659b238acc/openshift-scripts/es-daemonset.yaml#L19

Fix: https://github.com/IBM/cloud-native-starter/pull/68

We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

akondasif commented 3 years ago

We have noticed an instance of hostIPC: true in one of your Kubernetes manifests. Sharing the host's IPC namespace allows container processes to communicate with processes on the host. For examples of Kubernetes security misconfigurations we are following our peer-reviewed publication on Kubernetes security best practices (https://arxiv.org/pdf/2006.15275.pdf).

Location: https://github.com/IBM/cloud-native-starter/blob/86d74e600ff3d69b48b7d7c10e86db659b238acc/openshift-scripts/es-daemonset.yaml#L20

We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

akondasif commented 3 years ago

Dear Colleague,

We are looking to find ways to help developers find security misconfigurations, i.e., violation of security best practices in Kubernetes manifests. We have noticed an instance of HTTP without TLS/SSL in one of your Kubernetes manifests. The recommended practice is use of secure HTTP for each team's development and production environment. Enabling TLS ensures secure communication between cluster components.

Location of security anti-patterns:

https://github.com/IBM/cloud-native-starter/blob/86d74e600ff3d69b48b7d7c10e86db659b238acc/authors-java-jee/deployment/deployment.yaml#L26

https://github.com/IBM/cloud-native-starter/blob/86d74e600ff3d69b48b7d7c10e86db659b238acc/authors-java-jee/deployment/deployment.yaml#L30

Please use SSL/TLS to fix this misconfiguration. We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

thomassuedbroecker commented 3 years ago

Thanks for your feedback