Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

aggregate-to-view RBAC for gmsacredentialspecs #161

Open
avin3sh opened this issue Nov 20, 2024 · 3 comments
Open

aggregate-to-view RBAC for gmsacredentialspecs #161

avin3sh opened this issue Nov 20, 2024 · 3 comments
Labels
sig/windows Categorizes an issue or PR as relevant to SIG Windows.

Comments

@avin3sh
Copy link

avin3sh commented Nov 20, 2024

gmsacredentialspecs doesn't contain anything sensitive and to ease cluster management we should include aggregate-to-view RBAC for gmsacredentialspecs.

Happy to send across a PR if there is an agreement.
@avin3sh avin3sh added the sig/windows Categorizes an issue or PR as relevant to SIG Windows. label Nov 20, 2024
@jsturtevant
Copy link
Contributor

This seems fine to me. @aravindhp @marosset thoughts?

@jsturtevant
Copy link
Contributor

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles

@marosset
Copy link
Contributor

it could expose some inforamtion aroudn the layout of the network (which dns name, SID, etc). I don't think this is sensitive but could be used to craft other attacks.
I'm indifferent as to if we should expose this or not

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
sig/windows Categorizes an issue or PR as relevant to SIG Windows.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsturtevant @avin3sh @marosset