Comment 49 for bug 1878234

Christophe de Dinechin (i-christophe) wrote :

> Folks, just to be clear (I lost the context after
> the regexp stuff), is this a vulnerability bug? (yes/no)

Yes.

> If it is, then we should warn other projects like podman
> and cri-o since something similar can be done with their
> annotations.

But don't you need to have root access on the machine in these cases?

> From my point of view, this is not a bug, by default no user has
> access to the cluster, the admin must grant him/her access:

Understood, but that access is intended to run a workload in a container, and this gives access to what is outside the containers. So you can reboot the host, copy all the data to some other nodes, etc.

In other words, does the cluster admin granting the access rights above expect the user to be able to shut down worker nodes at will from a remote machine? What was given was a key to the cluster, not an ssh key to the root user.