[Openstack-security] Deriving Instance UUID
Russell Bryant
rbryant at redhat.com
Tue Dec 10 15:09:49 UTC 2013
On 12/10/2013 10:02 AM, Michael Still wrote:
> Hmmm.
>
> If you know the UUID of an instance, and can assume default
> configurations, then you know a bunch of information about how the
> files on the hypervisor disk are laid out.
>
> Assuming:
> - you're running an old release without patches (I'm thinking Folsom
> from memory?)
> - and have file injection turned on
> - and know the path to another instance's data
> - then that might make it possible to manipulate files in the
> instance directory
>
> This is very theoretical though, there's a lot of assumptions there.
Assuming you can get at the host filesystem, right? And if you can get
to the host filesystem, well ... there's plenty possibilities for bad
things.
--
Russell Bryant
More information about the Openstack-security
mailing list