- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 15 for escalation (0.15 sec)
-
pkg/apis/rbac/v1/evaluation_helpers.go
return true } } return false } // CompactString exposes a compact string representation for use in escalation error messages func CompactString(r rbacv1.PolicyRule) string { formatStringParts := []string{} formatArgs := []interface{}{} if len(r.APIGroups) > 0 { formatStringParts = append(formatStringParts, "APIGroups:%q")
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jan 18 15:37:57 UTC 2023 - 3.8K bytes - Viewed (0) -
pkg/registry/rbac/role/policybased/storage.go
See the License for the specific language governing permissions and limitations under the License. */ // Package policybased implements a standard storage for Role that prevents privilege escalation. package policybased import ( "context" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Nov 18 10:11:16 UTC 2022 - 3.9K bytes - Viewed (0) -
pkg/registry/rbac/clusterrolebinding/policybased/storage.go
See the License for the specific language governing permissions and limitations under the License. */ // Package policybased implements a standard storage for ClusterRoleBinding that prevents privilege escalation. package policybased import ( "context" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Nov 18 10:11:16 UTC 2022 - 4.9K bytes - Viewed (0) -
pkg/registry/rbac/clusterrole/policybased/storage.go
See the License for the specific language governing permissions and limitations under the License. */ // Package policybased implements a standard storage for ClusterRole that prevents privilege escalation. package policybased import ( "context" "errors" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Nov 18 10:11:16 UTC 2022 - 5.2K bytes - Viewed (0) -
pkg/registry/rbac/rolebinding/policybased/storage.go
See the License for the specific language governing permissions and limitations under the License. */ // Package policybased implements a standard storage for RoleBinding that prevents privilege escalation. package policybased import ( "context" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Nov 18 10:11:16 UTC 2022 - 5.5K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go
ret.edit = &role case "system:aggregate-to-view": ret.view = &role } } return ret } // viewEscalatingNamespaceResources is the list of rules that would allow privilege escalation attacks based on // ability to view (GET) them var viewEscalatingNamespaceResources = []rbacv1.PolicyRule{ rbacv1helpers.NewRule(bootstrappolicy.Read...).Groups("").Resources("pods/attach").RuleOrDie(),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 12 15:45:31 UTC 2023 - 9.5K bytes - Viewed (0) -
platforms/core-runtime/base-services/src/main/java/org/gradle/internal/SystemProperties.java
} public String getLineSeparator() { return System.getProperty("line.separator"); } /** * @deprecated Using the temporary directory on UNIX-based systems can lead to local privilege escalation or local sensitive information disclosure vulnerabilities. */ @Deprecated @SuppressWarnings("InlineMeSuggester") public String getJavaIoTmpDir() { return System.getProperty("java.io.tmpdir");
Registered: Wed Jun 12 18:38:38 UTC 2024 - Last Modified: Wed May 29 06:47:40 UTC 2024 - 7.6K bytes - Viewed (0) -
plugin/pkg/admission/noderestriction/admission.go
} // Don't allow a node to create its Node API object with the config source set. // We scope node access to things listed in the Node.Spec, so allowing this would allow a view escalation. if node.Spec.ConfigSource != nil { return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to create pods with a non-nil configSource", nodeName)) }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 23.6K bytes - Viewed (0) -
common-protos/k8s.io/api/policy/v1beta1/generated.proto
// process can gain more privileges than its parent process. // +optional optional bool defaultAllowPrivilegeEscalation = 15; // allowPrivilegeEscalation determines if a pod can request to allow // privilege escalation. If unspecified, defaults to true. // +optional optional bool allowPrivilegeEscalation = 16; // allowedHostPaths is an allowlist of host paths. Empty indicates // that all host paths may be used.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 11 18:43:24 UTC 2024 - 19.6K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.28.md
- [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) - [Changes by Kind](#changes-by-kind-10)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 11 23:47:59 UTC 2024 - 408.3K bytes - Viewed (0)