F20 System Wide Change: Visible Cloud

Matthew Miller mattdm at fedoraproject.org
Tue Jul 16 14:20:34 UTC 2013


On Tue, Jul 16, 2013 at 10:47:28AM +0200, Florian Weimer wrote:
> Do these images support instance data injection by default?  Then we
> need to make absolutely clear that it's unsafe to run them outside
> an environment that filters instance data injection requests.  For
> example, these images must not be installed on a bare-metal system
> connected to the public Internet, or used to set up guests on a
> regular hypervisor.

Absolutely. They use cloud-init and would be vulnerable to attack on any
network running an EC2 or Nova compatible metadata service. (I do boot them
on my own laptop, but I've configured the guest network carefully.)


-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>


More information about the devel mailing list