Handling the Kubernetes symbolic link vulnerability
Handling the Kubernetes symbolic link vulnerability
Posted Dec 27, 2018 23:32 UTC (Thu) by dvdeug (guest, #10998)In reply to: Handling the Kubernetes symbolic link vulnerability by rweikusat2
Parent article: Handling the Kubernetes symbolic link vulnerability
Saying a filesystem is empty except for a few directories when it in fact had several GB of data in it before and during du's run is not "approximate".
Operators are often programs, frequently written in shell. If they use rm or du, they are subject to these types of attack. Even when operators are human, the fact that they literally can not operate these programs without getting into these race conditions is a concern if this approach is clearly broken.