On 2025-09-02 09:19:51 -0400 (-0400), Jonathan Proulx wrote: [...]
> Restricting access to metadata would be a surprising default as other distributions and cloud platforms (AWS) don't, so there's pretty wide expectation that unprivileged users can get this information.
[...] Indeed, circa 2016 the OpenStack Security Group published OSSN-0074[*] advising that "The Nova metadata service should not be considered a secure repository of confidential information required by compute instances." Basically, users should not store sensitive data there because it's not even guaranteed to have access limited to the corresponding instance depending on how the service is deployed. As far as I know (and I've been heavily involved in OpenStack's vulnerability management for about 13 years now) the guidance hasn't changed to say it's a safe place to communicate sensitive information intended only for that instance, much less for specific users within an operating system running on the instance.
I've had some recent discussions with OpenStack Nova (compute service) developers about safe mechanisms for passing data from the hypervisor host through to the guest instance such that it would be serialized over something like a kernel device pseudofile. So far I'm not aware of anyone actively working on anything like that, merely proof-of-concept example scripts I've seen floating around.
[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0074
--
Jeremy Stanley
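As an added example (not code from this thread, from OpenStack, or from either poster), the following Python script performs the check the discussion implies: run it as an ordinary, non-root user inside an instance and it reads the Nova metadata service without any credentials, then flags obvious secrets in what comes back. The endpoint paths are the documented Nova metadata paths; the secret heuristics, the function names, the `--live` flag and the sample data are this example's own assumptions, and the sample is constructed so the script also runs offline.

```python
#!/usr/bin/env python3
"""Show what an unprivileged guest process can read from the Nova
metadata service and flag secret-looking content in it.

Added example, not from the thread or from OpenStack. Endpoint paths
are the documented Nova ones; heuristics, names and sample data are
this example's assumptions.
"""
import json
import re
import sys
import urllib.request
from typing import Callable, Dict, List, Optional

METADATA_BASE = "http://169.254.169.254"

# Documented Nova metadata paths. meta_data.json carries the instance
# name, public keys and the user-supplied "meta" dictionary; user_data
# is the raw user-data blob (typically a cloud-init script).
PATHS = [
    "/openstack/latest/meta_data.json",
    "/openstack/latest/user_data",
    "/openstack/latest/vendor_data.json",
]

# Heuristics (this example's own, deliberately conservative): PEM
# private key headers, and credential-style keys directly followed by
# ':' or '='. Values are never reported, only the key and line number.
SECRET_PATTERNS = [
    ("private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("credential keyword",
     re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)[\"']?\s*[:=]")),
]


def fetch_http(path: str) -> Optional[str]:
    """Fetch one metadata path; None if it cannot be read. No credentials
    are needed, which is exactly the point made in the thread."""
    try:
        with urllib.request.urlopen(METADATA_BASE + path, timeout=2) as resp:
            return resp.read().decode("utf-8", "replace")
    except Exception:  # unreachable, 404, config-drive-only instance, ...
        return None


def scan_text(path: str, body: str) -> List[dict]:
    """Return findings for one document, sorted by line, values redacted."""
    findings = []
    for kind, pattern in SECRET_PATTERNS:
        for m in pattern.finditer(body):
            findings.append({
                "path": path,
                "kind": kind,
                "line": body.count("\n", 0, m.start()) + 1,
                "match": m.group(1) if m.groups() else m.group(0),
            })
    findings.sort(key=lambda f: f["line"])
    return findings


def audit(fetch: Callable[[str], Optional[str]] = fetch_http
          ) -> Dict[str, Optional[List[dict]]]:
    """Map each path to its findings, or None when it could not be read."""
    results: Dict[str, Optional[List[dict]]] = {}
    for path in PATHS:
        body = fetch(path)
        results[path] = None if body is None else scan_text(path, body)
    return results


def total_findings(results: Dict[str, Optional[List[dict]]]) -> int:
    return sum(len(f) for f in results.values() if f)


# Constructed sample standing in for a live metadata service: a "meta"
# property and a user-data script that both embed credentials, plus a
# vendor_data endpoint that is not served.
SAMPLE: Dict[str, Optional[str]] = {
    "/openstack/latest/meta_data.json": json.dumps({
        "uuid": "00000000-0000-4000-8000-000000000001",
        "name": "web-1",
        "public_keys": {"deploy": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSample"},
        "meta": {"role": "web", "db_password": "hunter2"},
    }),
    "/openstack/latest/user_data": "\n".join([
        "#!/bin/sh",
        "# constructed sample: a cloud-init script that bakes in credentials",
        "export API_TOKEN=0123456789abcdef",
        "cat > /root/.ssh/id_ed25519 <<EOF",
        "-----BEGIN OPENSSH PRIVATE KEY-----",
        "<material omitted from this constructed sample>",
        "-----END OPENSSH PRIVATE KEY-----",
        "EOF",
    ]),
    "/openstack/latest/vendor_data.json": None,
}


def sample_fetch(path: str) -> Optional[str]:
    return SAMPLE.get(path)


if __name__ == "__main__":
    # Pass --live on a real instance (as a non-root user) to query
    # 169.254.169.254; otherwise the constructed sample is scanned.
    results = audit(fetch_http if "--live" in sys.argv[1:] else sample_fetch)
    for path, findings in results.items():
        if findings is None:
            print(f"{path}: not readable")
            continue
        print(f"{path}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f['line']}: {f['kind']} ({f['match']})")
```

A finding here is not a vulnerability in Nova; it is the situation OSSN-0074 warns about: the data is reachable by any process on the instance that can open a TCP connection, and, depending on deployment, possibly by more than that instance. The heuristics are intentionally narrow, so treat an empty report as "nothing obvious", not as a clean bill of health.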