[virt-tools-list] virt-install and cloud-init, feedback wanted

Daniel P. Berrangé berrange at redhat.com
Thu Nov 21 10:59:11 UTC 2019


On Thu, Nov 21, 2019 at 11:52:26AM +0100, Florian Weimer wrote:
> * Daniel P. Berrangé:
> 
> >> This goes probably in a different direction of what has been implemented
> >> so far, but would it actually harm to enable the network-based
> >> instance-data injection by default?  The advantage would be that it also
> >> blocks these requests from leaking to untrusted parties, which could
> >> then serve bogus data to compromise the virtual machine.
> >
> > I don't understand what you mean by leaking data to untrusted parties
> > here in context of config drive ? I've considered the config drive to
> > be more secure / less risky than network service.
> 
> I'm assuming that cloud-init will try all sources in parallel, given
> that there's a delay for both the network coming about and hardware
> being detected.

IIRC, the network sources all use link-local addresses, so by default
you would need to have configured the 169.254.169.254 on one of the
NICs on the host that the guest can reach. It connects to port 80 on
this address.

Thus to be able to serve malicious data by spoofing the network
metadata service, the host would first need this IP address to be
configured on a NIC, and second something needs to bind to port 80.
Both of these steps require that you already have root on the host
system, so I think the risk here is negligible.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
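
Added example (not part of the original message): a host-side audit for the two preconditions named above, a NIC carrying 169.254.169.254 and a listener on port 80. It assumes the output formats of `ip -o -4 addr show` and `ss -H -ltn`; the function names and sample lines are constructed for illustration.

```python
import ipaddress

METADATA_IP = ipaddress.ip_address("169.254.169.254")
METADATA_PORT = "80"

# Constructed sample of `ip -o -4 addr show` (trailing lifetime fields trimmed).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: virbr0    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
3: virbr0    inet 169.254.169.254/32 scope global virbr0
"""

# Constructed sample of `ss -H -ltn`.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 511 169.254.169.254:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:80 0.0.0.0:*
"""

def nics_with_metadata_ip(ip_addr_output):
    """Interfaces that have the metadata address configured."""
    hits = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            if ipaddress.ip_interface(fields[3]).ip == METADATA_IP:
                hits.append(fields[1])
    return hits

def port80_listeners(ss_output):
    """Listening sockets that would answer on 169.254.169.254:80."""
    # Assumption: "0.0.0.0" and "*" are the wildcard forms covering IPv4.
    reachable = {"0.0.0.0", "*", str(METADATA_IP)}
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port == METADATA_PORT and host.split("%")[0] in reachable:
            hits.append(fields[3])
    return hits

def audit(ip_addr_output, ss_output):
    """Both conditions must hold before the host can answer guest metadata requests."""
    nics, listeners = nics_with_metadata_ip(ip_addr_output), port80_listeners(ss_output)
    return {"nics": nics, "listeners": listeners, "both": bool(nics and listeners)}

if __name__ == "__main__":
    print(audit(SAMPLE_IP_ADDR, SAMPLE_SS))
```

A loopback-only listener such as 127.0.0.1:80 is not counted, since it cannot accept connections addressed to 169.254.169.254.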



