[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-08-14 Thread Seth Arnold
** Attachment added: "shellcheck.txt" https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+attachment/5282470/+files/shellcheck.txt ** Changed in: ec2-instance-connect (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-08-14 Thread Seth Arnold
At a high level I'm concerned about several parts of this tool's design: - First, it puts an incredibly high level of trust in the metadata service. This may make sense in the context of executing on the Amazon platform, but is positively dangerous outside the Amazon platform. It's