What are the risks associated with overly permissive pod creation in Kubernetes? The answer varies based on which of the host’s namespaces and security contexts are allowed. In this post, I will describe eight insecure pod configurations and the corresponding methods to perform privilege escalation. This article and the accompanying repository were created to help penetration testers and administrators better understand common misconfiguration scenarios.
If you are an administrator, I hope that this post gives you the confidence to apply restrictive controls around pod creation by default. I also hope it helps you consider isolating any pods that need access to the host’s resources to a namespace that is only accessible to administrators using the principle of least privilege.
If you are a penetration tester, I hope this post provides you with some ideas on how to demonstrate the impact of an overly permissive pod security policy. And I hope that the repository gives you some easy-to-use manifests and actionable steps to achieve those goals.
Executive Summary:
When it comes to Kubernetes security best practices, every checklist worth its salt mentions that you want to use the principle of least privilege when provisioning pods. But how can we enforce granular security controls and how do we evaluate the risk of each attribute?
A Kubernetes administrator can enforce the principle of least privilege using admission controllers. For example, there’s a built-in Kubernetes controller called PodSecurityPolicy and also a popular third-party admission controller called OPA Gatekeeper. Admission controllers allow you to deny a pod entry into the cluster if it has more permissions than the policy allows.
However, even though the controls exist to define and enforce policy, the real-world security implications of allowing each specific attribute is not always understood, and quite often, pod creation is not as locked down as it needs to be.
As a penetration tester, you might find yourself with access to create pods on a cluster where there is no policy enforcement. This is what I like to refer to as “easy mode.” Use this manifest from Rory McCune (@raesene), this command from Duffie Cooley (@mauilion), or the node-shell krew plugin and you will have fully interactive privileged code execution on the underlying host. It doesn’t get easier than that!
But what if you can create a pod with just, hostNetworkhostPIDhostIPChostPathprivileged
The pods below are loosely ordered from highest to lowest security impact. Note that the generic attack paths that could affect any Kubernetes pod (e.g., checking to see if the pod can access the cloud provider’s metadata service or identifying misconfigured Kubernetes RBAC) are covered in Bad Pod #8: Nothing allowed.
Pods
Bad Pod #1: Everything allowed
Bad Pod #2: Privileged and hostPid
Bad Pod #3: Privileged only
Bad Pod #4: hostPath only
Bad Pod #5: hostPid only
Bad Pod #6: hostNetwork only
Bad Pod #7: hostIPC only
Bad Pod #8: Nothing allowed
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2001%20-%20300PPI%20(1).jpg)
Multiple paths to full cluster compromise
The pod you create mounts the host’s filesystem to the pod. You’ll have the best luck if you can schedule your pod on a control-plane node using the nodeName selector in your manifest. You then execchroot
etcdnodeNameetcdhttps://github.com/BishopFox/badPods/tree/main/manifests/everything-allowed
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2002%20-%20300PPI%20(1).jpg)
Multiple paths to full cluster compromise
In this scenario, the only thing that changes from the everything-allowed pod is how you gain root access to the host. Rather than chrootnsenter
Why does it work?
Privileged — The privileged: truehostPIDnsenterprivileged: true
Privileged + hostPIDhostPID: trueprivileged: trueinit
Once you are root on the host, the privilege escalation paths are all the same as described in Bad Pod # 1: Everything-allowed.
https://github.com/BishopFox/badPods/tree/main/manifests/priv-and-hostpid
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2003%20-%20300PPI%20(1).jpg)
Multiple paths to full cluster compromise
If you only have privileged: true
Mount the host’s filesystem — In privileged mode, /devmount
Exploit cgroup
Whichever option you choose, the Kubernetes privilege escalation paths are largely the same as the Bad Pod #1: Everything-allowed.
https://github.com/BishopFox/badPods/tree/main/manifests/priv
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2004%20-%20300PPI%20(1).jpg)
Multiple paths to full cluster compromise
In this case, even if you don’t have access to the host’s process or network namespaces, if the administrators have not limited what you can mount, you can mount the entire host’s filesystem into your pod, giving you read/write access on the host’s filesystem. This allows you to execute most of the same privilege escalation paths outlined above. There are so many paths available that Ian Coldwater and Duffie Cooley gave an awesome Black Hat 2019 talk about it titled “The Path Less Traveled: Abusing Kubernetes Defaults!”
Here are some privileged escalation paths that apply any time you have access to a Kubernetes node’s filesystem:
Look for kubeconfigcluster-admin
Access the tokens from all pods on the node — Use something like kubectl auth can-i --listkube-system
Add your SSH key — If you have network access to SSH to the node, you can add your public key to the node and SSH to it for full interactive access.
Crack hashed passwords — Crack hashes in /etc/shadow
https://github.com/BishopFox/badPods/tree/main/manifests/hostpath
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2005%20-%20300PPI%20(1).jpg)
Application or cluster credential leaks if an application in the cluster is configured incorrectly. Denial of service via process termination.
There’s no clear path to get root on the node with only hostPID
View processes on the host — When you run pshostPID: true
Look for passwords, tokens, keys, etc. — If you are lucky, you will find credentials and you can then use them to escalate privileges in the cluster, to escalate privileges to services supported by the cluster, or to escalate privileges to services that communicate with cluster-hosted applications. It’s a long shot, but you might find a Kubernetes service account token or some other authentication material that will allow you to access other namespaces and eventually escalate all the way to cluster admin.
Kill processes — You can also kill any process on the node (presenting a denial-of-service risk). Because of this risk though, I would advise against it on a penetration test!
https://github.com/BishopFox/badPods/tree/main/manifests/hostpid
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2006%20-%20300PPI%20(2).jpg)
Potential path to cluster compromise
If you only have hostNetwork: true
Sniff traffic — You can use tcpdump
Access services bound to localhost — You can also reach services that only listen on the host’s loopback interface or that are otherwise blocked by network policies. These services might turn into a fruitful privilege escalation path.
Bypass network policy — If a restrictive network policy is applied to the namespace, deploying a pod with hostNetwork: true
https://github.com/BishopFox/badPods/tree/main/manifests/hostnetwork
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2007%20-%20300PPI%20(1).jpg)
Ability to access data used by any pods that also use the host’s IPC namespace
If any process on the host or any processes in a pod uses the host’s inter-process communication mechanisms (shared memory, semaphore arrays, message queues, etc.), you’ll be able to read/write to those same mechanisms. The first place you'll want to look is /dev/shmhostIPC: trueipcs
Inspect /dev/shm — Look for any files in this shared memory location.
Inspect existing IPC facilities — You can check to see if any IPC facilities are being used with /usr/bin/ipcs
https://github.com/BishopFox/badPods/tree/main/manifests/hostipc
.jpg?width=700&name=Check%20Box%20-%20Door%20Idea%20FINAL%2008%20-%20300PPI%20(1).jpg)
Multiple potential paths to full cluster compromise
To close our bad Pods lineup, there are plenty of attack paths that should be investigated any time you can create a pod or simply have access to a pod, even if there are no security attributes enabled. Here are some things to look for whenever you have access to a Kubernetes pod:
Accessible cloud metadata — If the pod is cloud hosted, try to access the cloud metadata service. You might get access to the IAM credentials associated with the node or even just find a cloud IAM credential created specifically for that pod. In either case, this can be your path to escalate in the cluster, in the cloud environment, or in both.
Overly permissive service accounts — If the namespace’s default service account is mounted to /var/run/secrets/kubernetes.io/serviceaccount/token
Misconfigured Kubernetes components — If either the apiserver or the kubelets have anonymous-authtrue
Kernel, container engine, or Kubernetes exploits — An unpatched exploit in the underlying kernel, in the container engine, or in Kubernetes can potentially allow a container escape or access to the Kubernetes cluster without any additional permissions.
Hunt for vulnerable services — Your pod will likely see a different view of the network services running in the cluster than you can see from the machine you used to create the pod. You can hunt for vulnerable services and applications by proxying your traffic through the pod.
https://github.com/BishopFox/badPods/tree/main/manifests/nothing-allowed
Apart from the Bad Pod #8: Nothing Allowed example, all of the privilege escalation paths covered in this blog post (and the respective repository) can be mitigated with restrictive pod security policies.
Additionally, there are many other defense-in-depth security controls available to Kubernetes administrators that can reduce the impact of or completely thwart certain attack paths even when an attacker has access to some or all of the host namespaces and capabilities (e.g., disabling the automatic mounting of service account tokens or requiring all pods to run as non-root by enforcing MustRunAsNonRoot=trueallowPrivilegeEscalation=false
Administrators are sometimes hard pressed to defend security best practices without examples that demonstrate the security implications of risky configurations. I hope the examples laid out in this post and the manifests contained in the Bad Pods repository help you enforce the principle of least privilege when it comes to Kubernetes pod creation in your organization.