On Tue, Oct 3, 2017 at 11:00 PM, Giuseppe de Candia < [email protected]> wrote:
> Hi Folks,
>
> Are there any documented conventions regarding the security model for
> MetaData?
>
> Note that CloudInit allows passing user and ssh service public/private
> keys via MetaData service (or ConfigDrive). One assumes it must be secure,
> but I have not found a security model or documentation.
>
> My understanding of the Neutron reference implementation is that MetaData
> requests are HTTP (not HTTPS) and go from the VM to the MetaData proxy on
> the Network Node (after which they are proxied to Nova meta-data API
> server). The path from VM to Network Node using HTTP cannot guarantee
> confidentiality and is also susceptible to Man-in-the-Middle attacks.
>
> Some Neutron drivers proxy Metadata requests locally from the node hosting
> the VM that makes the query. I have mostly seen this presented/motivated as
> a way of removing dependency on the Network node, but it should also
> increase security. Yet, I have not seen explicit discussions of the
> security model, nor any attempt to set a standard for security of the
> meta-data.
>
> Finally, there do not seem to be granular controls over what meta-data is
> presented over ConfigDrive (when enabled) vs. meta-data REST API. As an
> example, Nova vendor data is presented over both, if both are enabled;
> config drive is presumably more secure.
>
> thanks,
> Pino

The recommendation is not to use metadata for security sensitive data (it's possible to spoof by setting an X-Forwarded header), please see the following OpenStack Security Note on the topic: https://wiki.openstack.org/wiki/OSSN/OSSN-0074
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
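The spoofing concern raised in the reply, as an added example that is not part of the original thread and is not Nova or Neutron code: a backend that identifies the caller from a forwarded header, beside a form that honours the header only from a known proxy. It assumes the header meant is `X-Forwarded-For`; the function names, the proxy address and the VM addresses are hypothetical, constructed values.

```python
import ipaddress

# Assumption: addresses of the metadata proxies allowed to assert a client IP.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}  # constructed value


def naive_client_ip(peer_ip, headers):
    """Trusts the header from any sender: the weakness the reply points at."""
    forwarded = headers.get("X-Forwarded-For")
    return forwarded.split(",")[0].strip() if forwarded else peer_ip


def hardened_client_ip(peer_ip, headers):
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy."""
    forwarded = headers.get("X-Forwarded-For")
    if forwarded is None or ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return peer_ip
    # Walk right to left, skipping trusted proxies; the first other hop is
    # the address the nearest trusted proxy actually saw.
    for hop in reversed([h.strip() for h in forwarded.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed header: fall back to the socket peer
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return peer_ip


def proxy_forward_headers(client_peer_ip, client_headers):
    """Proxy side: discard the client's own header, set it from the socket."""
    out = {k: v for k, v in client_headers.items()
           if k.lower() != "x-forwarded-for"}
    out["X-Forwarded-For"] = client_peer_ip
    return out


# Constructed sample: VM 10.0.0.5 sends a header naming another VM, 10.0.0.9.
SAMPLE_HEADERS = {"X-Forwarded-For": "10.0.0.9", "Accept": "*/*"}

if __name__ == "__main__":
    print("naive, direct:   ", naive_client_ip("10.0.0.5", SAMPLE_HEADERS))
    print("hardened, direct:", hardened_client_ip("10.0.0.5", SAMPLE_HEADERS))
    via_proxy = proxy_forward_headers("10.0.0.5", SAMPLE_HEADERS)
    print("hardened, proxy: ", hardened_client_ip("192.0.2.10", via_proxy))
```

Even with both checks in place the request path is still plain HTTP, so this addresses caller identification only, not the confidentiality point raised in the original question.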
