query(kubernetes): containers_run_with_low_uid >= 1000 instead of 10000 #7225
Labels
Comments
MrRedHead
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Platform
Kubernetes
Description
https://github.com/Checkmarx/kics/blob/master/assets/queries/k8s/containers_run_with_low_uid/query.rego
securityContext.runAsUser should be set to a UID >= 10000This seems a typo, de UID must be equal or higher dan 1000
There is no expliciet reason that the UID must be higher dan >= 10000
The reason is that UID < 1000 are reserved for system users.
External references:
https://www.redhat.com/sysadmin/user-account-gid-uid
"By default, Linux systems automatically assign UIDs and GIDs to new user accounts in numerical order starting at 1000. In other words, if you create a new user account during installation"
https://wiki.archlinux.org/title/Users_and_groups
"UID is the numerical user ID. In Arch, the first login name (after root) for a so called normal user, as opposed to services, is UID 1000 by default; subsequent UID entries for users should be greater than 1000."
Wat is de reason that the UID >= 10000 please give a reference!
The text was updated successfully, but these errors were encountered: