[openstack-dev] Nova config drive rebuilding

Robert Collins robertc at robertcollins.net
Wed Aug 7 09:15:26 UTC 2013

On 7 August 2013 18:42, Uri Simchoni <uri_simchoni at hotmail.com> wrote:

> Looking at the http-based alternative, can it be made to be more secure? On my OVS-based system I was able to easily steal the metadata of another instance on the same network by changing my instance's IP address. It appears to be suitable only for publishing things to instances, but not for sharing secrets.

The instance anti-spoofing rules should have prevented that - the fact
you were able to change your instance ip (unless you fiddled behind
nova's back in the neutron db) is a very unexpected and serious bug.
As Scott says - file a bug.

The HTTP alternative should be quite secure, though unless your
overlay network is also encrypted there is room for someone with
direct access to the infrastructure network to snoop metadata requests
(or even forge them by arp spoofing your hypervisor hosts). So we
should take care to improve that layer too, but it's not conceptually
hard. And - someone with direct access to your infrastructure network
is able to do many other nasty things indeed :)


Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud

More information about the OpenStack-dev mailing list