You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The bug is that the Deployment vitess-operator in the manifests has too much RBAC permissions than it needs. The service account of vitess-operator is bound to a role(role.yaml) with the following permissions:
create/patch/update/delete verb of the daemonsets/deployments/pods/replicasets/statefulsets resource (Role)
patch/update/delete verb of the services resource (Role)
After reading the source code of vitess-operator, I didn't find any Kubernetes API usages using these permissions. Besides, some of these unused permissions may have potential risks. For example, if malicious users gain control of a Kubernetes node running a vitess-operator pod, they can use the create deployments permission to create privileged containers with malicious container images.
Therefore, these permissions should be rechecked to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permissions or other feasible methods.
To Reproduce
Use the manifests with default values.
The text was updated successfully, but these errors were encountered:
Description
The bug is that the Deployment vitess-operator in the manifests has too much RBAC permissions than it needs. The service account of
vitess-operator
is bound to a role(role.yaml) with the following permissions:create/patch/update/delete
verb of thedaemonsets/deployments/pods/replicasets/statefulsets
resource (Role)patch/update/delete
verb of theservices
resource (Role)After reading the source code of vitess-operator, I didn't find any Kubernetes API usages using these permissions. Besides, some of these unused permissions may have potential risks. For example, if malicious users gain control of a Kubernetes node running a
vitess-operator
pod, they can use thecreate deployments
permission to create privileged containers with malicious container images.Therefore, these permissions should be rechecked to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permissions or other feasible methods.
To Reproduce
Use the manifests with default values.
The text was updated successfully, but these errors were encountered: