Skip to content
This repository has been archived by the owner on Sep 30, 2020. It is now read-only.

(linux) 169.265.169.254 on loopback is shared outside of loopback interface #30

Open
jagibson opened this issue Jun 27, 2018 · 2 comments

Comments

@jagibson
Contributor

Only the 127.0.0.0/8 IP address range stays on the loopback interface in Linux. Any other address space will be presented to the network as just another address. Consequently 169.265.169.254 will be shared out to at least the local network. This can cause problems if multiple people on the network are running ec2metadata at the same time. In fact, other users will be able to operate on my own assumed role.

I have not found a way to force Linux to treat 169.255.169.254 as it would 127.0.0.1 and truly keep it internal to the host. I'm still researching that. Possible workarounds are denying traffic (including arp) in iptables or going back to the old method of just using iptables entirely.
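An audit helper, added here and not part of ec2metadata-role-assumption or the reporter's comment: it parses `ip -o -4 addr show` output (a constructed sample is embedded) and flags any address on `lo` outside 127.0.0.0/8, which Linux will answer ARP for on other interfaces unless `arp_ignore` is raised. The `arp_ignore` check reads the kernel sysctl path, which is assumed to be present on the host being audited.

```shell
#!/bin/sh
# Added example: find loopback-assigned addresses that Linux will expose to the LAN.
# Only 127.0.0.0/8 is treated as host-local; any other address on "lo" is a normal
# local address, so the kernel answers ARP for it on every interface (arp_ignore=0).

# Print each non-127/8 IPv4 address configured on "lo".
# $1: text in the format produced by `ip -o -4 addr show`
leaky_lo_addrs() {
    printf '%s\n' "$1" | awk '$2 == "lo" && $3 == "inet" {
        split($4, addr, "/")          # strip the prefix length
        split(addr[1], octet, ".")
        if (octet[1] != "127") print addr[1]
    }'
}

# Report net.ipv4.conf.all.arp_ignore. A value of 1 or more makes the kernel reply to
# ARP only for addresses configured on the receiving interface, which keeps an address
# that exists only on "lo" from being claimed on the network (assumed sysctl path).
arp_ignore_status() {
    f=/proc/sys/net/ipv4/conf/all/arp_ignore
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Constructed sample of `ip -o -4 addr show` output (not captured from a real host).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 169.254.169.254/32 scope global lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever'

echo "addresses on lo that will be answered outside the host:"
leaky_lo_addrs "$SAMPLE"   # prints 169.254.169.254
echo "arp_ignore: $(arp_ignore_status)"
```

On a live host replace `"$SAMPLE"` with `"$(ip -o -4 addr show)"`; an empty list, or a non-zero `arp_ignore`, means the metadata address is not being offered to the local network by ARP.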

@jagibson
Contributor Author

Found a fix. Patch forthcoming.

jagibson added a commit to jagibson/ec2metadata-role-assumption that referenced this issue Jun 28, 2018
…sue farrellit#30 where Linux will share the 169.254.169.254 address across the local network.  It also lets us be OS-agnostic.
@jagibson
Contributor Author

jagibson commented Jun 28, 2018

#31 @farrellit

farrellit pushed a commit that referenced this issue Jul 10, 2018
Use docker network instead of loopback ; use port 80 instead of 4567 (#30)