Skip to content

Security: worker RBAC grants pods/exec in the control-plane namespace, and the mutation-safety gate is hardwired open #76

Description

@haasonsaas

Summary

The worker's Role is scoped to the shared namespace where the API and its secrets live, and the double-opt-in mutation gate is permanently satisfied in the only production deployment.

Evidence

  • deploy/kubernetes/worker.yaml:20-27: the worker Role grants create/update/patch/delete plus pods/exec on all pods in sandboxwich — the same namespace as sandboxwich-api and the sandboxwich-secrets Secret. A compromised worker (or an exec-path bug) can kubectl exec into API pods and read SANDBOXWICH_DATABASE_URL.
  • deploy/kubernetes/worker.yaml:107-108,117: sets SANDBOXWICH_K8S_ENABLE_MUTATION=1 and passes --confirm-apply, so the gate at provider.rs:857-864 is always open — it's safety theater.

Why it matters

Blast radius: a single worker bug or compromise reaches the database credential and every control-plane pod.

Suggested fix

  • Run sandboxes in a dedicated namespace and scope the worker Role there; grant the worker nothing in the control-plane namespace.
  • Constrain exec to sandboxwich-* pods (ValidatingAdmissionPolicy or resourceNames-style constraints).

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions