openstack team mailing list archive
Message #06415
Re: Metadata and File Injection
I think that people are scared of the rootkit-like behavior of an arbitrary file injection mechanism. Compromise nova-compute, and now you can trivially compromise every guest in the whole cloud.
In some sense that's irrational - I'm sure that there are lots of ways that you can gain control of a guest, once you've compromised nova-compute. That said, we shouldn't make it easy for people, and what you're proposing would be one of the easiest of the lot. I think that someone should think long and hard about security before we add a simple way to inject arbitrary files into a guest.
Cheers,
Ewan.
From: openstack-bounces+ewan.mellor=citrix.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+ewan.mellor=citrix.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of McNally, Dave
Sent: 14 December 2011 06:04
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: [Openstack] Metadata and File Injection
Hi,
I've recently been looking at file and metadata injection in Nova and I have a question relating to it.
(BTW this is based off what I have seen in nova/virt/disk.py)
I notice that for key/value pairs specified as metadata during boot of an instance these values are injected into a file /meta.js in the instance. However if a file (and corresponding injection location) are specified when booting the instance the file does not get injected.
I was wondering whether there was an intentional decision not to use a method similar to the one used for injecting meta.js to inject other files, because it seems to me the addition of such functionality would be fairly straightforward.
Also, on a vaguely related note, why is the metadata injected into a file rather than stored in a location from which it can be retrieved via the metadata service?
Thanks,
Dave