| holmanb | minimal: hahaha | 03:17 |
|---|---|---|
| holmanb | userdata _is_ root | 03:18 |
| holmanb | cloud-init isn't doing any privilege escalation there | 03:22 |
| holmanb | The article starts with: | 03:22 |
| holmanb | If an adversary has access to the modify-instance attribute permission they can leverage it to escalate to root/System on an EC2 instance. | 03:22 |
| holmanb | Which is just silly because modify-instance can do things like modify the kernel/initrd/etc | 03:23 |
| holmanb | I've seen around a dozen articles that say similar things and they all have one thing in common: a misunderstanding of cloud-init (or in this case the cloud) | 03:27 |
| holmanb | If you can already modify the kernel, you have root already - cloud-init is completely irrelevant. | 03:30 |
| holmanb | It's equivalent to saying "assume you have root, then escalate to root" | 03:40 |
| === tds0 is now known as tds | ||