Terraform Sys Admin Capability Added
Description
Detects when a container defined through Terraform's Kubernetes provider resources (kubernetes_pod, kubernetes_deployment, kubernetes_stateful_set and similar) is granted the SYS_ADMIN Linux capability (CAP_SYS_ADMIN). This is a critical security risk: CAP_SYS_ADMIN authorizes a broad set of privileged kernel operations, including mounting filesystems, and is widely treated as equivalent to root inside the container. A process holding it has far more room to escape container isolation and compromise the host than a container running with the default capability set.
Detection Strategy
• Scans Terraform files for resources of the Kubernetes provider that define workloads (kubernetes_pod, kubernetes_deployment, kubernetes_stateful_set and similar)
• Examines the container blocks inside those resources' pod specs, looking for a security_context block that defines capabilities
• Identifies when "SYS_ADMIN" appears in the add list of a capabilities block (security_context { capabilities { add = ["SYS_ADMIN"] } })
• Reports a vulnerability whenever SYS_ADMIN is added, regardless of other security settings: a drop = ["ALL"] in the same block does not cancel it (Kubernetes applies add after drop), and settings such as run_as_non_root or privileged = false do not remove a capability that was explicitly added
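The detection strategy above, as an added example that is not part of the original page or of Fluid Attacks' scanner: a small Python scanner that walks Terraform source, keeps only resources of the kubernetes provider, locates capabilities blocks by brace matching (so nesting depth, such as deployment to template to spec to container, does not matter) and flags every SYS_ADMIN entry found in an add list. The sample Terraform text, the resource names in it and the choice to also match the CAP_SYS_ADMIN spelling are assumptions made for this example; real HCL also has comments, heredocs and interpolation that this brace walker does not handle.

```python
import re
from dataclasses import dataclass

# Kubernetes drops the CAP_ prefix; the Docker-style spelling is matched too (assumption).
SYS_ADMIN_NAMES = {"SYS_ADMIN", "CAP_SYS_ADMIN"}
RESOURCE_RE = re.compile(r'\bresource\s+"(kubernetes_[a-z0-9_]+)"\s+"([A-Za-z0-9_-]+)"\s*\{')
CAPS_RE = re.compile(r'\bcapabilities\s*\{')
ADD_RE = re.compile(r'\badd\s*=\s*\[([^\]]*)\]')
STRING_RE = re.compile(r'"([^"\\]*)"')

@dataclass(frozen=True)
class Finding:
    address: str     # Terraform address, e.g. kubernetes_pod.example
    line: int        # 1-based line of the offending `add = [...]`
    capability: str  # the capability string as written in the file

def _block_end(text, open_idx):
    # Index of the '}' matching text[open_idx] == '{'; braces inside "..." are ignored.
    depth, in_str, i = 0, False, open_idx
    while i < len(text):
        ch = text[i]
        if in_str:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced braces in Terraform source")

def scan_terraform(text):
    # One Finding per SYS_ADMIN entry in an `add = [...]` list inside a capabilities block.
    # `drop` lists and other settings are ignored: Kubernetes applies `add` after `drop`.
    findings = []
    for res in RESOURCE_RE.finditer(text):
        open_idx = res.end() - 1  # the resource's opening brace
        body = text[open_idx:_block_end(text, open_idx) + 1]
        address = f"{res.group(1)}.{res.group(2)}"
        for caps in CAPS_RE.finditer(body):
            c_open = caps.end() - 1
            caps_body = body[c_open:_block_end(body, c_open) + 1]
            for add in ADD_RE.finditer(caps_body):
                for s in STRING_RE.finditer(add.group(1)):
                    if s.group(1).strip().upper() in SYS_ADMIN_NAMES:
                        line = text.count("\n", 0, open_idx + c_open + add.start()) + 1
                        findings.append(Finding(address, line, s.group(1)))
    return findings

# Constructed sample input (not from the original page): two offending resources, one hardened.
SAMPLE_TF = '''resource "kubernetes_pod" "bad" {
  spec {
    container {
      security_context {
        capabilities {
          add = ["NET_BIND_SERVICE", "SYS_ADMIN"]
        }
      }
    }
  }
}

resource "kubernetes_deployment" "still_bad" {
  spec {
    template {
      spec {
        container {
          security_context {
            run_as_non_root = true
            capabilities {
              drop = ["ALL"]
              add  = ["CAP_SYS_ADMIN"]
            }
          }
        }
      }
    }
  }
}

resource "kubernetes_pod" "good" {
  spec {
    container {
      security_context { capabilities { drop = ["ALL"] } }
    }
  }
}
'''

if __name__ == "__main__":
    for f in scan_terraform(SAMPLE_TF):
        print(f"{f.address}: line {f.line} adds {f.capability}")
```

Run stand-alone it prints the two offending resources with their line numbers. The hardened pod, which only drops capabilities, produces no finding, while the deployment is still reported even though it drops ALL and sets run_as_non_root; that is the "regardless of other security settings" behaviour in practice, and it is also why a scanner must not treat the presence of a drop list as mitigation.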
Vulnerable code example
resource "kubernetes_pod" "example" {
  metadata {
    name = "vulnerable-pod"
  }
  spec {
    container {
      name  = "container"
      image = "nginx"
      security_context {
        capabilities {
          add = ["SYS_ADMIN"] # grants CAP_SYS_ADMIN to the container: flagged by this rule
        }
      }
    }
  }
}
✅ Secure code example
resource "kubernetes_pod" "example" {
  metadata {
    name = "secure-pod"
    labels = {
      app = "web"
    }
  }
  spec {
    container {
      name  = "container"
      image = "nginx"
      security_context {
        capabilities { drop = ["ALL"] } # nothing is added, so SYS_ADMIN is absent
      }
    }
  }
}