vpc-bridge plugin use hard-coded path to k8s connector binary #100
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Lower privilege user on Windows can change path to binary in
AWS_VPC_CNI_K8S_CONNECTOR_BINARY_PATH
env variable to execute unintended binary with highest privilege.Description of changes:
Removing env variable AWS_VPC_CNI_K8S_CONNECTOR_BINARY_PATH which was used by CNI to get path to connector binary. CNI plugin will use hard-coded path to binary and execute it i.e.
C:\Program Files\Amazon\EKS\bin\aws-vpc-cni-k8s-connector.exe
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.