From d6ff99e5a26698b02744585346e75b18b08a2d61 Mon Sep 17 00:00:00 2001
From: KubeSphere CI Bot <47586280+ks-ci-bot@users.noreply.github.com>
Date: Thu, 31 Oct 2024 11:42:07 +0800
Subject: [PATCH] [release-4.1] fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool (#6254)

fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool

Signed-off-by: lingbo
Co-authored-by: lingbo
---
 pkg/apiserver/apiserver.go | 1 -
 pkg/models/terminal/terminal.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
index 354745a8a..15b3a22f1 100644
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@@ -234,7 +234,6 @@ func (s *APIServer) buildHandlerChain(handler http.Handler, stopCh <-chan struct
 iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRole),
 iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRoleBinding),
 tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
- tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
 tenantv1beta1.Resource(clusterv1alpha1.ResourcesPluralCluster),
 clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralCluster),
 clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralLabel),
diff --git a/pkg/models/terminal/terminal.go b/pkg/models/terminal/terminal.go
index 43e6d8501..7c7534fb5 100644
--- a/pkg/models/terminal/terminal.go
+++ b/pkg/models/terminal/terminal.go
@@ -376,7 +376,6 @@ func (t *terminaler) createKubectlPod(ctx context.Context, podName, username str
 },
 },
 },
- ServiceAccountName: "kubesphere",
 Volumes: []corev1.Volume{
 {
 Name: "host-time",
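Review bot: Nothing in the visible pod spec of createKubectlPod states which identity the kubectl pod runs as once `ServiceAccountName: "kubesphere"` is gone: with the field unset, Kubernetes assigns the namespace's `default` service account and, unless automounting is disabled on the pod or on that account, still mounts its token. If the terminal is meant to act only with the requesting user's own credentials (how those reach the pod is not shown here), setting `AutomountServiceAccountToken` to a pointer to `false` beside `Volumes` would make that explicit instead of relying on how `default` happens to be bound. A short comment at the same spot would also keep the field from being re-added later, e.g. `// Deliberately no ServiceAccountName: this pod must not inherit the kubesphere service account's privileges.` createKubectlPod starts and ends outside the hunk, so an existing setting elsewhere in the spec cannot be ruled out from this view.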