public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Blackhole the address 169.254.169.254 after we've obtained the user

Browse Source 
data to prevent non-root processes from getting the private host
  key.

svn path=/nixos/trunk/; revision=33442
This commit is contained in:
Eelco Dolstra 2012-03-27 14:51:08 +00:00
parent 64241a3e90
commit 040042b8a5
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/virtualisation/ec2-data.nix
View File

@ -15,10 +15,12 @@ with pkgs.lib;
task = true; task = true;
path = [ pkgs.curl ]; path = [ pkgs.curl pkgs.iproute ];
script = script =
'' ''
ip route del blackhole 169.254.169.254/32 || true
curl="curl --retry 3 --retry-delay 0 --fail" curl="curl --retry 3 --retry-delay 0 --fail"
echo "setting host name..." echo "setting host name..."
@ -53,6 +55,10 @@ with pkgs.lib;
(umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key) (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
fi fi
# Since the user data is sensitive, prevent it from being
# accessed from now on.
ip route add blackhole 169.254.169.254/32
''; '';
}; };