author | Andrew Jorgensen <ajorgens@amazon.com> | 2016-11-01 10:54:31 -0400 |
---|---|---|
committer | Scott Moser <smoser@brickies.net> | 2017-01-20 13:48:08 -0500 |
commit | b71592ce0e0a9f9f9f225315015ca57b312ad30d (patch) | |
tree | 785f47c903b57b5b32cc59f69a1eab4431da0d38 /tools/make-tarball | |
parent | 145410f81c144a46cf5ce0324ff4454fa9f54ad0 (diff) | |
download | vyos-cloud-init-b71592ce0e0a9f9f9f225315015ca57b312ad30d.tar.gz vyos-cloud-init-b71592ce0e0a9f9f9f225315015ca57b312ad30d.zip |

EC2: Do not cache security credentials on disk

On EC2, instance metadata can include credentials that remain valid for as
much as 6 hours. Reading these and allowing them to be pickled represents
a potential vulnerability if a snapshot of the disk is taken and shared as
part of an AMI.

This skips security-credentials when walking the meta-data tree.

LP: #1638312

Reviewed-by: Ian Weller <iweller@amazon.com>
Reviewed-by: Ben Cressey <bcressey@amazon.com>
Reported-by: Kyle Barnes <barnesky@amazon.com>

Diffstat (limited to 'tools/make-tarball')
0 files changed, 0 insertions, 0 deletions
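
The skip described in the commit message, as an added sketch that is not cloud-init's own code: a walker over a constructed in-memory stand-in for the metadata service that never requests `security-credentials`, so the pickled cache cannot contain them. `FAKE_IMDS`, `walk`, `crawl` and `SKIP_NAMES` are hypothetical names, and the one-child-per-line listing format is a simplifying assumption.

```python
import pickle

# Constructed stand-in for the metadata service: request path -> response body.
# Assumption: a listing names one child per line; a trailing "/" marks a subtree.
FAKE_IMDS = {
    "meta-data/": "ami-id\nhostname\niam/",
    "meta-data/ami-id": "ami-00000000",
    "meta-data/hostname": "host.example.internal",
    "meta-data/iam/": "info\nsecurity-credentials/",
    "meta-data/iam/info": '{"Code": "Success"}',
    "meta-data/iam/security-credentials/": "demo-role",
    "meta-data/iam/security-credentials/demo-role":
        '{"AccessKeyId": "CONSTRUCTED-ID", "SecretAccessKey": "CONSTRUCTED-SECRET"}',
}
SKIP_NAMES = frozenset({"security-credentials"})


def walk(path, fetch, skip=SKIP_NAMES):
    """Materialize the tree under `path` as nested dicts, never requesting
    a child whose name is in `skip`."""
    tree = {}
    for entry in fetch(path).splitlines():
        name = entry.rstrip("/")
        if not name or name in skip:
            continue  # never fetched, so it cannot reach the cache
        if entry.endswith("/"):
            tree[name] = walk(path + entry, fetch, skip)
        else:
            tree[name] = fetch(path + entry)
    return tree


def crawl(skip=SKIP_NAMES):
    """Return (tree, paths requested, pickled tree as it would sit on disk)."""
    requested = []

    def fetch(path):
        requested.append(path)
        return FAKE_IMDS[path]

    tree = walk("meta-data/", fetch, skip)
    return tree, requested, pickle.dumps(tree)


if __name__ == "__main__":
    for label, skip in (("no skip", frozenset()), ("with skip", SKIP_NAMES)):
        _, requested, blob = crawl(skip)
        print(label, len(requested), "requests, secret in cache:",
              b"CONSTRUCTED-SECRET" in blob)
```

Skipping at request time rather than filtering after the walk means the credential never enters process memory, so no later serialization path can write it to disk.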