2020-11-18 13:28:42 |
Balint Reczey |
bug |
|
|
added bug |
2020-11-18 14:38:51 |
Balint Reczey |
summary |
Please update to upstream release 1.1.13 |
Verify that domain returned from IMDS is an AWS domain |
|
2020-11-18 14:45:46 |
Balint Reczey |
description |
TODO |
[Impact]
The domain returned from IMDS is not verified if it was and AWS domain.
[Test Cases]
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Connect to the instance using Instance Connect, for example by pressing the "Connect" button on the web UI.
2. Within a few ten seconds of connecting run (assuming using the ubuntu username):
bash -x /usr/share/ec2-instance-connect/eic_curl_authorized_keys ubuntu
3) The debug output should show successful validation:
...
++ /usr/bin/curl -s -f -m 1 -H 'X-aws-ec2-metadata-token: ...XXX...==' http://169.254.169.254/latest/meta-data/services/domain/
+ domain=amazonaws.com
+ domain_exit=0
+ '[' 0 -ne 0 ']'
+ is_domain_valid=1
+ for valid_domain in amazonaws.com amazonaws.com.cn c2s.ic.gov sc2s.sgov.gov
+ '[' amazonaws.com = amazonaws.com ']'
+ is_domain_valid=0
+ break
+ '[' 0 -eq 1 ']'
++ /usr/bin/printf managed-ssh-signer.%s.%s us-east-2 amazonaws.com
...
[Regression Potential]
The validation code can fail preventing connection to the VM. Considering that this is a very small amount of code an looks OK this is unlikely.
The validation could also falsely pass, but that would not be a regression since the validation was not there before. |
|
2020-11-18 14:55:48 |
Balint Reczey |
summary |
Verify that domain returned from IMDS is an AWS domain |
Please update to 1.1.13 upstream release |
|
2020-11-18 14:57:10 |
Balint Reczey |
summary |
Please update to 1.1.13 upstream release |
Verify that domain returned from IMDS is an AWS domain |
|
2020-11-18 19:16:08 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu): status |
New |
Fix Released |
|
2020-11-19 10:26:01 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Groovy): status |
New |
Fix Committed |
|
2020-11-19 10:26:02 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-11-19 10:26:03 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2020-11-19 10:26:05 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-groovy |
|
2020-11-19 10:28:42 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Focal): status |
New |
Fix Committed |
|
2020-11-19 10:28:46 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-groovy |
verification-needed verification-needed-focal verification-needed-groovy |
|
2020-11-19 10:29:32 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Bionic): status |
New |
Fix Committed |
|
2020-11-19 10:29:35 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-focal verification-needed-groovy |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
|
2020-11-19 10:32:34 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Xenial): status |
New |
Fix Committed |
|
2020-11-19 10:32:37 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy verification-needed-xenial |
|
2020-11-24 16:08:27 |
Balint Reczey |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy verification-needed-xenial |
verification-done verification-done-bionic verification-done-focal verification-done-groovy verification-done-xenial |
|
2020-11-26 10:10:26 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-11-26 10:13:23 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2020-11-26 10:15:24 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-11-26 10:16:07 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2020-11-26 10:20:31 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|