the-gigi / hands-on-microservices-with-kubernetes-code

Code samples for the upcoming book "Hands-on microservices with Kubernetes"

Security Misconfiguration: Privilege Escalation and Privileged Security Context #2

Open akondasif opened 3 years ago

akondasif commented 3 years ago

Dear Colleague,

We are looking to find ways to help developers find security misconfigurations, i.e., violations of security best practices in Kubernetes manifests. We noticed one instance of privilege escalation, and were wondering if you will repair this. For examples of Kubernetes security misconfigurations we are using our peer-reviewed publication on Kubernetes security best practices (https://arxiv.org/pdf/2006.15275.pdf).

Location: https://github.com/the-gigi/hands-on-microservices-with-kubernetes-code/blob/d1fbbf7003246aa7eb57410caad5b5f7393e3deb/ch6/privileged-pod.yaml#L12

The fix to this security anti-pattern is submitted as a pull request: https://github.com/the-gigi/hands-on-microservices-with-kubernetes-code/pull/1

We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

akondasif commented 3 years ago

Privileged security context is also an anti-pattern.

Location: https://github.com/the-gigi/hands-on-microservices-with-kubernetes-code/blob/d1fbbf7003246aa7eb57410caad5b5f7393e3deb/ch6/privileged-pod.yaml#L11

Fix: https://github.com/the-gigi/hands-on-microservices-with-kubernetes-code/pull/1

We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.
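Both comments above point at two settings in the same container `securityContext`: `privileged: true` and a privilege-escalation setting. The script below is an added example written for this issue page, not code from the repository or from the reporter. It shows what the checker described in the issue looks like when run over a manifest, and why the fix in the pull request matters. The manifests are constructed dicts shaped like the parsed form of a pod YAML (an assumption about `ch6/privileged-pod.yaml`, not a copy of it); the `find_misconfigurations` function also walks `spec.template.spec` so it covers Deployment-style workloads, which goes beyond the single Pod discussed in the issue.

```python
"""Flag privileged / privilege-escalation settings in a Kubernetes manifest.

Added example: the manifests below are constructed for illustration and the
checker is a hypothetical helper, not part of the book's code or the issue.
"""
from typing import Any, Dict, Iterator, List, Tuple

# Constructed: the anti-pattern the issue reports (assumed shape of the file).
PRIVILEGED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "privileged-pod"},
    "spec": {
        "containers": [
            {
                "name": "app",
                "image": "example/app:1.0",  # placeholder image name
                "securityContext": {
                    "privileged": True,
                    "allowPrivilegeEscalation": True,
                },
            }
        ]
    },
}

# Constructed: the same pod with the two settings corrected and the usual
# companions (no root user, all Linux capabilities dropped).
HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "hardened-pod"},
    "spec": {
        "containers": [
            {
                "name": "app",
                "image": "example/app:1.0",  # placeholder image name
                "securityContext": {
                    "privileged": False,
                    "allowPrivilegeEscalation": False,
                    "runAsNonRoot": True,
                    "capabilities": {"drop": ["ALL"]},
                },
            }
        ]
    },
}


def iter_containers(manifest: Dict[str, Any]) -> Iterator[Tuple[str, Dict[str, Any]]]:
    """Yield (list_name, container) for Pods and for pod-template workloads.

    A bare Pod keeps containers at spec.containers; Deployments, StatefulSets,
    DaemonSets and Jobs keep them at spec.template.spec.containers.
    """
    spec = manifest.get("spec", {}) or {}
    if "template" in spec:
        spec = (spec["template"] or {}).get("spec", {}) or {}
    for list_name in ("initContainers", "containers"):
        for container in spec.get(list_name, []) or []:
            yield list_name, container


def find_misconfigurations(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per offending container setting, empty if clean."""
    findings: List[str] = []
    for list_name, container in iter_containers(manifest):
        name = container.get("name", "<unnamed>")
        sc = container.get("securityContext") or {}
        # privileged: true gives the container the host's device and kernel
        # access; it is the first setting the issue reports.
        if sc.get("privileged") is True:
            findings.append(f"{list_name}/{name}: privileged is true")
        # allowPrivilegeEscalation defaults to true when it is left unset, so
        # only an explicit false is acceptable (the second reported setting).
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(
                f"{list_name}/{name}: allowPrivilegeEscalation is not set to false"
            )
    return findings


if __name__ == "__main__":
    for label, manifest in (("privileged", PRIVILEGED_POD), ("hardened", HARDENED_POD)):
        result = find_misconfigurations(manifest)
        print(f"{label}: {result or 'no findings'}")
```

Running the script reports both settings for the privileged manifest and nothing for the hardened one. A manifest that simply omits `allowPrivilegeEscalation` is still flagged, because Kubernetes treats the missing key as `true`; the fix is to set it to `false` explicitly rather than to delete the line.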