Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Self Assessment: [STRIDE-DOS-4] Misuse of Infra Admin credentials to create unlimited number of CRDs to exhaust etcd storage #6518

Closed
PushkarJ opened this issue May 13, 2022 · 8 comments
Closed

Security Self Assessment: [STRIDE-DOS-4] Misuse of Infra Admin credentials to create unlimited number of CRDs to exhaust etcd storage #6518

PushkarJ opened this issue May 13, 2022 · 8 comments
Labels
area/security Issues or PRs related to security help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/security Categorizes an issue or PR as relevant to SIG Security.

Comments

@PushkarJ
Copy link
Member

PushkarJ commented May 13, 2022
edited
Loading

User Story

As a an operator, I would like to set safe defaults on number of CRDs that can be created especially on a management cluster so that I don't exhaust underlying etcd storage

Detailed Description
Snippet from Cluster API security self-assessment: kubernetes/sig-security#40
STRIDE-DOS-4 - Misuse of Infra Admin credentials to create unlimited number of CRDs to exhaust etcd storage

Infra Admin credentials can be misused by someone who has access to it by
accidentally or maliciously creating a very large number of CRD objects in the
management cluster to exhaust underlying storage of etcd. This could occur as a
side effect of the previous threat of creating an unlimited number of clusters
but can also happen through an unlimited number of nodes and other cluster
resources being added to one or more clusters.

Recommended Mitigations

/kind feature
/area security
/sig security
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. area/security Issues or PRs related to security sig/security Categorizes an issue or PR as relevant to SIG Security. labels May 13, 2022
@fabriziopandini
Copy link
Member

/milestone v1.2
It would be interesting to have some figures from users..

@k8s-ci-robot k8s-ci-robot added this to the v1.2 milestone May 22, 2022
@fabriziopandini fabriziopandini added the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Jul 29, 2022
@fabriziopandini fabriziopandini removed this from the v1.2 milestone Jul 29, 2022
@fabriziopandini fabriziopandini removed the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Jul 29, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 27, 2022
@fabriziopandini
Copy link
Member

/lifecycle frozen
/triage accepted
/help

Still a valid point to document some general best practices, but I think we should rely on core Kubernetes capabilities to limit what a user can do on the API Server / etcd instead of inventig our own custom solution

@k8s-ci-robot
Copy link
Contributor

@fabriziopandini:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/lifecycle frozen
/triage accepted
/help

Still a valid point to document some general best practices, but I think we should rely on core Kubernetes capabilities to limit what a user can do on the API Server / etcd instead of inventig our own custom solution

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Nov 2, 2022
@k8s-triage-robot
Copy link

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

  • Confirm that this issue is still relevant with /triage accepted (org members only)
  • Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Jan 19, 2024
@fabriziopandini
Copy link
Member

/priority backlog

@k8s-ci-robot k8s-ci-robot added the priority/backlog Higher priority than priority/awaiting-more-evidence. label Apr 12, 2024
@fabriziopandini fabriziopandini mentioned this issue Apr 22, 2024
Open
@fabriziopandini
Copy link
Member

I'm collapsing this issue into #6152 to see if we can make some progess
/close

@k8s-ci-robot
Copy link
Contributor

@fabriziopandini: Closing this issue.

In response to this:

I'm collapsing this issue into #6152 to see if we can make some progess
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security Issues or PRs related to security help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/security Categorizes an issue or PR as relevant to SIG Security.
Projects
No open projects
sig-security-tracker
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@PushkarJ @fabriziopandini @k8s-ci-robot @k8s-triage-robot