Red Hat Bugzilla – Bug 1308871
cloud-init: Following symlinks for ssh authorized_keys
Last modified: 2016-06-02 00:31:57 EDT
It was found that SSH key handling code follows symlinks, allowing malicious user to create symlink from ~/.ssh pointing to arbitrary place.
Created cloud-init tracking bugs for this issue:
Affects: fedora-all [bug 1308874]
Affects: epel-all [bug 1308875]
There is no realistic attack vector here (the bug report assumes that an unprivileged user can write to a different user's directories). Hence closing the bug.