**Brief approach**- Show a non-destructive proof-of-concept that writes a tiny benign file into the hostPath mount visible inside the container (e.g., container sees /host → host /var/somepath). - Emphasize prerequisites (what permissions/capabilities would be required), safety, and forensic artifacts to collect.**Preconditions / permissions**- Writable hostPath mount mounted into the pod (e.g., container path /host). If the process UID inside container can write to /host, no elevated Linux capabilities needed.- If host filesystem enforces ownership/ACLs, elevated capabilities that allow bypassing permission checks may be required (examples: CAP_DAC_OVERRIDE to bypass file permissions; CAP_SYS_ADMIN for mount/namespace escape). This PoC does not attempt privilege escalation — it only writes where allowed.**Safe Python PoC (non-destructive)**python
#!/usr/bin/env python3
# PoC: write a benign proof file to a hostPath-mounted directory visible at /host
# Safety: only writes a single text file, verifies path exists, does not modify other files.
import os, sys, time
HOST_MOUNT = "/host" # path inside container that maps to host
PROOF_SUBPATH = "pentest-proof"
PROOF_NAME = "proof.txt"
PROOF_CONTENT = "pentest-proof: user=pod-simulated time={}\n".format(time.asctime())
target_dir = os.path.join(HOST_MOUNT, PROOF_SUBPATH)
# Safety checks
if not os.path.exists(HOST_MOUNT):
print("Host mount not present:", HOST_MOUNT); sys.exit(2)
if not os.path.isdir(target_dir):
try:
# only create our dedicated directory under the mount
os.makedirs(target_dir, mode=0o700, exist_ok=True)
except PermissionError:
print("Cannot create directory — insufficient permissions"); sys.exit(3)
proof_path = os.path.join(target_dir, PROOF_NAME)
# Write only a short, benign proof file
with open(proof_path, "w", encoding="utf-8") as f:
f.write(PROOF_CONTENT)
# Print location for reporting
print("Wrote benign proof file to:", proof_path)
**Key reasoning**- Using a dedicated subdirectory avoids touching existing host files.- The file content is clearly identifiable and timestamped; harmless text shows write capability.- The PoC refrains from executing host binaries or changing permissions beyond the created directory.**Forensic artifacts to collect**- From host (requested from ops during engagement): file metadata (stat: inode, mode, uid/gid, mtime/ctime), file contents, parent directory listing.- /proc/self/mountinfo and /proc/mounts from host and container to show the mount mapping.- Container runtime logs (dockerd/cri), kubelet logs, and systemd journal entries around the timestamp.- auditd logs (if enabled): SELinux AVC denials, audit entries for open/write syscalls.- dmesg and kernel logs for capability uses.- Kubernetes API event history and pod spec showing hostPath volume config.- Hash (SHA256) of proof file and known-good host file listings to prove no tampering.**Reporting notes**- Clearly state the PoC is non-destructive, the exact path written, timestamps, required privileges, and remediation: avoid writable hostPath for untrusted pods, enforce fsGroup/UID mapping, use readOnly hostPath or restrict with PodSecurityPolicies / Pod Security Admission, and remove dangerous capabilities (CAP_DAC_OVERRIDE, CAP_SYS_ADMIN) from containers.