[Contribution] Cross Container Attacks: The Bewildered eBPF on Clouds

[ramimac]

Summary (give a brief description of the issue)

Specifically, we also find that the Google Cloud Shell can be exploited as it exposes the docker.sock to containers, allowing attackers to create a privileged container to run eBPF

Three platforms’ default Kubernetes clusters (i.e., Alibaba ACK, Azure AKS, and AWS EKS) containers over-privileged Pods. ... Azure, AWS, and Alibaba have confirmed the issues and plan to remove these overprivileged Pods

References (provide links to blogposts, etc.)

Cross Container Attacks: The Bewildered eBPF on Clouds