Starting a process in a running container provides an attacker with temporary execution (foothold) inside the cluster, but once the container is stopped or restarted, that malicious process is lost. This means the attacker has no long-term persistence.
Incorrect options:
(A) Modifying objects in etcd grants persistent access since cluster state is stored in etcd.
(B) Modifying files on the host filesystem can create persistence across reboots or container restarts.
(D) Creating a restarting container directly on the host via Docker bypasses Kubernetes but persists across pod restarts if Docker restarts it.
References:
CNCF Security Whitepaper – Threat Modeling section: Describes how ephemeral processes inside containers provide attackers short-term control but not durable persistence.
Kubernetes Documentation – Cluster Threat Model emphasizes ephemeral vs. persistent attacker footholds.