Comment 0 for bug 1638312

Scott Moser (smoser) wrote : ec2 credentials cached on disk

On EC2, instance metadata can include credentials that remain valid for as much
as 6 hours. Reading these and allowing them to be pickled represents a
potential vulnerability if a snapshot of the disk is taken and shared as part
of an AMI.

Note that:
a.) The simple fact of storing the credentials in a file that is readable only by root is not a serious problem, as any attacker on the system has access to the network-available data.
b.) General care needs to be taken by anyone "capturing" an AMI and then making it public.

The suggested fix is to skip security-credentials when walking the meta-data tree.
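The following is an added illustration of that suggested fix, not code from cloud-init or from this bug. It walks a constructed, in-memory stand-in for the EC2 meta-data tree (all paths and values are made up, including the `example-role` credentials), prunes the `security-credentials` entry by name before it is ever fetched, and then shows that a pickled copy of the resulting tree no longer contains the access key. `fetch` is a hypothetical stand-in for the HTTP GET a real datasource would do.

```python
import json
import pickle

# Constructed, offline stand-in for the EC2 instance metadata service
# (http://169.254.169.254/latest/meta-data/). Directory listings end each
# subdirectory name with "/", as the real service does; every value here is made up.
METADATA = {
    "meta-data/": "ami-id\nhostname\niam/\ninstance-id\n",
    "meta-data/ami-id": "ami-0123456789abcdef0",
    "meta-data/hostname": "ip-10-0-0-7.ec2.internal",
    "meta-data/instance-id": "i-0abcdef1234567890",
    "meta-data/iam/": "info\nsecurity-credentials/\n",
    "meta-data/iam/info": json.dumps({
        "Code": "Success",
        "InstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/example-profile",
    }),
    "meta-data/iam/security-credentials/": "example-role\n",
    "meta-data/iam/security-credentials/example-role": json.dumps({
        "Code": "Success",
        "AccessKeyId": "ASIAEXAMPLEKEYID",
        "SecretAccessKey": "EXAMPLESECRETKEYVALUE",
        "Token": "EXAMPLESESSIONTOKEN",
        "Expiration": "2016-11-01T12:00:00Z",
    }),
}

# Entry names to prune while walking: the temporary credentials live under
# iam/security-credentials/ and must never reach an on-disk cache.
SKIP_ITEMS = frozenset({"security-credentials"})


def fetch(path):
    """Hypothetical fetch of one metadata path; real code would HTTP GET it."""
    return METADATA[path]


def walk_metadata(fetch, path="meta-data/", skip=SKIP_ITEMS):
    """Materialize the metadata tree as nested dicts, pruning any entry whose
    name is in `skip` before it is listed or fetched."""
    tree = {}
    for entry in fetch(path).splitlines():
        if not entry:
            continue
        is_dir = entry.endswith("/")
        name = entry.rstrip("/")
        if name in skip:
            continue  # neither list nor fetch the pruned subtree
        if is_dir:
            tree[name] = walk_metadata(fetch, path + entry, skip)
        else:
            tree[name] = fetch(path + entry)
    return tree


def cache_bytes(tree):
    """What a pickle-based on-disk cache of the tree would contain."""
    return pickle.dumps(tree)


def leaks_credentials(blob, marker=b"ASIAEXAMPLEKEYID"):
    """True if the constructed access key id appears verbatim in the cache bytes."""
    return marker in blob


if __name__ == "__main__":
    unsafe = cache_bytes(walk_metadata(fetch, skip=frozenset()))
    safe = cache_bytes(walk_metadata(fetch))
    print("without skip, credentials in cache:", leaks_credentials(unsafe))  # True
    print("with skip, credentials in cache:", leaks_credentials(safe))       # False
```

Pruning by name at listing time, rather than scrubbing the tree after the fact, means the credential URL is never requested at all, so nothing transient (logs, exceptions, partial results) can carry the key either.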