Why are Minikube clusters launched with `--vm-driver=none` vulnerable to CSRF?

Tags: csrf, minikube

When launching a Minikube instance with the `--vm-driver=none` option one is greeted with this warning:

WARNING: IT IS RECOMMENDED NOT TO RUN THE NONE DRIVER ON PERSONAL WORKSTATIONS
    The 'none' driver will run an insecure kubernetes apiserver as root that may 
    leave the host vulnerable to CSRF attacks

Why is the host vulnerable? How would such an attack work?

Niel de Wet Avatar asked Aug 06 '18 13:08



1 Answer

A cross site request forgery is an attack:

that tricks a user into accidentally using their credentials to invoke a state changing activity

The argument --vm-driver=none:

this driver can be used to run the Kubernetes cluster components on the host instead of in a VM.

The documentation on attacks inside the minikube is scarce. Basically, when you use `--vm-driver=none` the kubectl config and credentials will be root-owned and will be available in the home directory. You need to move them and set appropriate permissions. Also, the secret tokens that are usually used to protect from those kinds of attacks would be easily accessible by the attacker. If you do not move the components and set the permissions, they could become a potential vector for using the apiserver as a confused deputy when introducing the request as root.

I think that the most dangerous part is: `--vm-driver=none` exposes the whole process as root. Your kubeapi is running as root. If an attacker could exploit that, he would get control of a process operating inside the kernel that runs as root, and that, as we know, makes the attacker the owner of the system and could become a gateway not only for the CSRF attack.

Also it is worth mentioning that security is not a priority concern in minikube, as it is mostly a tool for learning. If you would like something more security-focused, you could consider kubeadm, which:

is a toolkit for bootstrapping a best-practices Kubernetes cluster on existing infrastructure.

Here are some historical conversations of Kubernetes developers about implementing CSRF protection and performing these kinds of attacks, which you can find here:

Harden master API against web attacks #10351

This is what I was able to find. I would recommend you to try to ask the developers on GitHub, filing an issue to get more precise information.

aurelius Avatar answered Jan 18 '23 23:01

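The answer's practical advice is that with the none driver the kubeconfig and the `.minikube` credential directory end up root-owned in `$HOME` and must be re-owned and locked down. The script below is an added example (not from the original post or from the minikube project) that audits those paths and tightens their mode so only the invoking user can read the client keys and tokens they contain. It assumes the usual locations `$HOME/.kube/config` and `$HOME/.minikube`; the check and fix functions accept any path, so they can be exercised on constructed files.

```shell
#!/bin/sh
# Added example, not part of the original answer or of minikube itself.
# Audits kubeconfig / minikube credential paths for ownership and mode and
# restricts them to the owner. Default paths are assumptions about where
# the none driver leaves its files.

# Print the octal permission bits of a path (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the owner name of a path (GNU stat, falling back to BSD stat).
file_owner() {
    stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# Return 0 when the path is readable only by its owner (group/other bits clear),
# 1 otherwise. A kubeconfig carries client keys and bearer tokens, so anything
# wider than 600 lets every other local account read the cluster credentials.
check_private() {
    path=$1
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    mode=$(file_mode "$path")
    # Keep only the last three digits so setuid/sticky bits do not skew the check.
    mode=$(printf '%s' "$mode" | sed 's/^.*\(...\)$/\1/')
    group_other=$(printf '%s' "$mode" | cut -c2-3)
    if [ "$group_other" != "00" ]; then
        echo "too permissive: $path is mode $mode"
        return 1
    fi
    return 0
}

# Restrict a credential file or directory tree to its owner. Directories keep
# the execute bit so the owner can still traverse them.
make_private() {
    path=$1
    if [ -d "$path" ]; then
        chmod 700 "$path" &&
            find "$path" -type d -exec chmod 700 {} + &&
            find "$path" -type f -exec chmod 600 {} +
    else
        chmod 600 "$path"
    fi
}

# Walk the assumed default locations. Root-owned files are reported with the
# chown command needed (that step requires sudo, so it is not done here);
# over-permissive files are reported by check_private.
audit_minikube_credentials() {
    rc=0
    for p in "$HOME/.kube/config" "$HOME/.minikube"; do
        [ -e "$p" ] || continue
        if [ "$(file_owner "$p")" = "root" ] && [ "$(id -u)" != "0" ]; then
            echo "root-owned: $p (fix with: sudo chown -R $(id -un) \"$p\")"
            rc=1
        fi
        check_private "$p" || rc=1
    done
    return $rc
}
```

Run `audit_minikube_credentials` after `minikube start --vm-driver=none` (it exits non-zero when anything needs fixing), re-own the reported paths, then call `make_private` on each of them.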