This week's articles
Kubernetes Pod Escape Using Log Mounts
How a pod running as root with the node's /var/log directory mounted can expose the entire contents of the host filesystem to any user who has access to its logs. Also interesting for understanding how 'kubectl logs' works.
DNS Spoofing on Kubernetes Clusters
How an attacker who manages to run malicious code on a cluster can spoof DNS responses to all the applications running on the cluster, and from there execute a MITM attack on all pod network traffic.