From 1b3f2c0d582bdb2e3e05b971387a793c7cebb6fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=87=8C=E6=B3=A2?=
Date: Thu, 31 Oct 2024 09:48:06 +0800
Subject: [PATCH] fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool (#6253)

Signed-off-by: lingbo
---
 pkg/apiserver/apiserver.go | 1 -
 pkg/models/terminal/terminal.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
index 354745a8a..15b3a22f1 100644
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@@ -234,7 +234,6 @@ func (s *APIServer) buildHandlerChain(handler http.Handler, stopCh <-chan struct
 iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRole),
 iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRoleBinding),
 tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
- tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
 tenantv1beta1.Resource(clusterv1alpha1.ResourcesPluralCluster),
 clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralCluster),
 clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralLabel),
diff --git a/pkg/models/terminal/terminal.go b/pkg/models/terminal/terminal.go
index 43e6d8501..7c7534fb5 100644
--- a/pkg/models/terminal/terminal.go
+++ b/pkg/models/terminal/terminal.go
@@ -376,7 +376,6 @@ func (t *terminaler) createKubectlPod(ctx context.Context, podName, username str
 },
 },
 },
- ServiceAccountName: "kubesphere",
 Volumes: []corev1.Volume{
 {
 Name: "host-time",
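Review bot: In the `createKubectlPod` hunk of `pkg/models/terminal/terminal.go`, dropping `ServiceAccountName: "kubesphere"` leaves the pod on its namespace's `default` service account. Kubernetes still mounts that account's token unless the spec opts out, and nothing in the visible lines sets `AutomountServiceAccountToken`. The pod spec literal starts and ends outside the hunk, so it may be set elsewhere. If it is not, set `AutomountServiceAccountToken` to a pointer to `false` in this PodSpec so the user's shell carries no ambient API credential and depends only on whatever credential the terminal is meant to provide. I would also put a comment where the field used to be, `// No ServiceAccountName on purpose: the terminal pod must not run with a privileged platform identity.`, and add a unit test asserting that the built pod has an empty `Spec.ServiceAccountName`, so the field is not restored by a later refactor.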