F20 System Wide Change: Visible Cloud
Matthew Miller
mattdm at fedoraproject.org
Tue Jul 16 14:22:30 UTC 2013
On Tue, Jul 16, 2013 at 10:58:52AM +0100, Richard W.M. Jones wrote:
> Cloud-init is reasonably careful about where it gets the data from.
> By default it looks first for a config drive (a specially formatted
> block device which has to be explicitly added to the VM), and then
> secondly for a webserver on a link-local IPv4 address (usually
> 169.254.169.254). Also, if configured, a specially formatted virtual
> floppy or virtual CD-ROM drive can be used. None of these can be used
> to remotely exploit a VM "connected to the public Internet [etc]."
The attack would be something else on the link-local network responding to
169.254.169.254. So it's not "the public internet" in general, but
connecting to an untrusted network.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
More information about the devel
mailing list