Privilege escalation in cloudlet servers if able to break docker exec command #2075

@gainsley

Description

Users can gain access to their containers/pods by having the system run docker exec / kubectl exec on their behalf.

There was an issue with the docker exec / kubectl exec commands that allowed a user to get access to the shell running the commands because the user input command was passed as a string directly in the shell command string.

That was fixed by quoting the user input string, but to mitigate these kinds of attacks, we want to avoid the user getting shell access even if they somehow break out of the docker exec / kubectl exec command.
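
One way to get the defense in depth described above, shown as an added example that is not code from this project: build an argument vector and execute it directly, so no shell on the host ever parses user input. The function names, the container-name allowlist and the use of `sh -c` inside the container are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// Allowlist mirroring the characters Docker permits in container names.
// It also rejects a leading "-", so a name is never parsed as a CLI option.
var containerName = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)

// shellString is the risky pattern: user input concatenated into one string
// that a host shell (sh -c) would parse, metacharacters included.
func shellString(container, userCmd string) string {
	return "docker exec -i " + container + " " + userCmd
}

// execArgv builds an argument vector for exec.Command. No host shell parses
// it; userCmd is one argv element, interpreted only by sh inside the container.
func execArgv(container, userCmd string) ([]string, error) {
	if !containerName.MatchString(container) {
		return nil, errors.New("invalid container name")
	}
	if userCmd == "" {
		return nil, errors.New("empty command")
	}
	return []string{"docker", "exec", "-i", container, "sh", "-c", userCmd}, nil
}

func main() {
	// Constructed sample input containing a shell metacharacter.
	userCmd := "ls /tmp; id"
	fmt.Printf("host shell would parse: %q\n", shellString("app1", userCmd))

	argv, err := execArgv("app1", userCmd)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	cmd := exec.Command(argv[0], argv[1:]...) // fork/exec directly, no sh on the host
	fmt.Printf("host execs argv:        %q\n", cmd.Args)

	_, err = execArgv("app1; id", "ls")
	fmt.Println("bad container name:", err)
}
```

With this shape, quoting is no longer the only barrier: the `;` stays inside a single argument and is interpreted only by the shell in the user's own container.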
