The hex encoded version of the key is also passed to openssl:
$ echo abcdef0123456789 | /usr/bin/od -A n -t x1 | /bin/sed ':a;N;$!ba;s/[\n
]//g'
616263646566303132333435363738390a
$ aa-decode 616263646566303132333435363738390a
Decoded: abcdef0123456789
# Sign a message with a given key
# sign [key] [msg]
sign () {
/usr/bin/printf "${2}" | /usr/bin/openssl dgst -binary -hex -sha256 -mac
HMAC -macopt hexkey:"${1}" | /bin/sed 's/.* //'
}
(See the hexkey: parameter)
This appears to come via:
AWS_SECRET_ACCESS_KEY=$(/bin/echo "${creds}" | /bin/sed -n
's/.*"SecretAccessKey" : "\(.*\)",/\1/p')
which is from:
creds=$(/usr/bin/curl -s -f -m 1 -H "X-aws-ec2-metadata-token:
${IMDS_TOKEN}" "http://169.254.169.254/latest/meta-data/identity-
credentials/ec2/security-credentials/ec2-instance/")
and IMDS_TOKEN appears to come from:
IMDS_TOKEN="$(/usr/bin/curl -s -f -m 1 -X PUT
"http://169.254.169.254/latest/api/token"; -H "X-aws-ec2-metadata-token-
ttl-seconds: 5")"
Replacing the echo binary with a shell built-in wouldn't hide this key
well.
Can any process on the system simply request such a token itself from
the aws metadata service?
What does knowledge of this key represent?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835114
Title:
[MIR] ec2-instance-connect
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
