[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-08-14 Thread Seth Arnold
** Attachment added: "shellcheck.txt" https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+attachment/5282470/+files/shellcheck.txt ** Changed in: ec2-instance-connect (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-08-14 Thread Seth Arnold
At a high level I'm concerned about several parts of this tool's design: - First, it puts an incredibly high level of trust in the metadata service. This may make sense in the context of executing on the Amazon platform, but is positively dangerous outside the Amazon platform. It's

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-07-03 Thread Christian Ehrhardt 
Also while thinking about it, ~5-8 curl calls fro every SSH login can be quite expensive. I know it fortunately has an early exit but that still is 2 curl requests. If this is installed in any place without the endpoint at 169.254.169.254 being responsive and super fast this could lead to a very

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-07-03 Thread Francis Ginther
** Tags added: id-5cbf801e21a2a0662e2718a9 -- You received this bug notification because you are a member of cloud- init commiters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1835114 Title: [MIR] ec2-instance-connect Status in ec2-instance-connect package in

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-07-03 Thread Christian Ehrhardt 
Since before we had a lot of text @cloud-nit team - please review and ack that this is no conflict with what/how cloud-init is/will provide. -- You received this bug notification because you are a member of cloud- init commiters, which is subscribed to the bug report.

[Cloud-init-dev] [Bug 1835114] Re: [MIR] ec2-instance-connect

2019-07-03 Thread Christian Ehrhardt 
[Summary] It seems mostly to me packaging wise, but I think there are a bunch of things needed to be doen to complete this. We need: - an ack by the cloud-init Team that this does not conflict with our usual services provided through cloud init - I'm subscribing the cloud-init Team to give it