
Kubernetes 3rd Party Security Audit Findings #81146

Open
cji opened this issue Aug 8, 2019 · 7 comments

Comments

@cji
Member

commented Aug 8, 2019

This issue is to track the findings from the recent 3rd party security audit of Kubernetes performed by Trail of Bits and Atredis on behalf of the CNCF. The intent is to have a place to track the community's response and remediation to these issues now that they've been made public.

The full output of the assessment is available on the Security Audit Working Group site, and this issue specifically tracks the findings from the Security Assessment Report.

| # | Title | Issue | Status |
|---|---|---|---|
| 1 | hostPath PersistentVolumes enable PodSecurityPolicy bypass | #81110 | closed, addressed by kubernetes/website#15756 |
| 2 | Kubernetes does not facilitate certificate revocation | #81111 | closed as duplicate of #18982 |
| 3 | HTTPS connections are not authenticated | #81112 | |
| 4 | TOCTOU when moving PID to manager’s cgroup via kubelet | #81113 | |
| 5 | Improperly patched directory traversal in kubectl cp | #76788 | |
| 6 | Bearer tokens are revealed in logs | #81114 | closed, assigned CVE-2019-11250, fixed in #81330 |
| 7 | Seccomp is disabled by default | #81115 | |
| 8 | Pervasive world-accessible file permissions | #81116 | |
| 9 | Environment variables expose sensitive data | #81117 | |
| 10 | Use of InsecureIgnoreHostKey in SSH connections | #81118 | |
| 11 | Use of InsecureSkipVerify and other TLS weaknesses | #81119 | |
| 12 | Kubeadm performs potentially-dangerous reset operations | #81120 | |
| 13 | Overflows when using strconv.Atoi and downcasting the result | #81121 | |
| 14 | kubelet can cause an Out of Memory error with a malicious manifest | #81122 | closed, fixed by #76518 |
| 15 | Kubectl can cause an Out Of Memory error with a malicious Pod specification | #81123 | |
| 16 | Improper fetching of PIDs allows incorrect cgroup movement | #81124 | |
| 17 | Directory traversal of host logs running kube-apiserver and kubelet | #81125 | |
| 18 | Non-constant time password comparison | #81126 | closed, fixed by #81152 |
| 19 | Encryption recommendations not in accordance with best practices | #81127 | |
| 20 | Adding credentials to containers by default is unsafe | #81128 | |
| 21 | kubelet liveness probes can be used to enumerate host network | #81129 | |
| 22 | iSCSI volume storage cleartext secrets in logs | #81130 | closed, fixed by #81215 |
| 23 | Hard coded credential paths | #81131 | closed, awaiting more evidence |
| 24 | Log rotation is not atomic | #81132 | |
| 25 | Arbitrary file paths without bounding | #81133 | |
| 26 | Unsafe JSON construction | #81134 | |
| 27 | kubelet crash due to improperly handled errors | #81135 | |
| 28 | Legacy tokens do not expire | #81136 | closed as duplicate of #70679 |
| 29 | CoreDNS leaks internal cluster information across namespaces | #81137 | |
| 30 | Services use questionable default functions | #81138 | |
| 31 | Incorrect docker daemon process name in container manager | #81139 | closed, fixed by #81083 |
| 32 | Use standard formats everywhere | #81140 | |
| 33 | Superficial health check provides false sense of safety | #81141 | |
| 34 | Hardcoded use of insecure gRPC transport | #81142 | |
| 35 | Incorrect handling of Retry-After | #81143 | |
| 36 | Incorrect isKernelPid check | #81144 | closed, fixed by #81086 |
| 37 | Kubelet supports insecure TLS ciphersuites | #81145 | |

@cji cji added the kind/feature label Aug 8, 2019

@neolit123
Member

commented Aug 8, 2019

thanks for logging these tickets, that's some heavy duty!

/remove-kind feature
/kind bug
/priority important-longterm
(on the average)

@nikhita
Member

commented Aug 8, 2019

/wg security-audit

@jdelta-RBS

commented Aug 9, 2019

As far as the affected versions / branches, I know 1.13.4 was tested. Which versions / branches are affected? Everything from 1.13.4 -> 1.15.2?

@riking

commented Aug 9, 2019

Consider also filing tracking bugs for the Threat Modeling findings (up to TOB-K8S-TM17).

@disconnect3d

commented Aug 13, 2019

@cji I know this is also visible below, but maybe it is worth having another column with 'Status'? On the other hand, this would require updating it manually :/.

@cji
Member Author

commented Aug 15, 2019

@jdelta-RBS I think the answer is going to vary based on the issue, making it hard to say for sure. Some of these issues are longer-term feature requests for things that have never existed, so they would affect every version. Others would need to be git blamed to see when the code was introduced to get a real understanding of the versions/branches that are affected, and that has not been done.

@cji
Member Author

commented Aug 15, 2019

@disconnect3d great idea! Especially now that some of these are being closed as wontfix or duplicates of other issues, I agree that having a status column helps to understand the current situation more than just seeing a "closed" label on the referenced issues. I've added the column and will do my best to keep things mostly up to date!
