0

I recognized that vscode remote will run a wget instance to call 169.254.x.x.

I had used Digital Ocean MetaData API so I think it seems like checking if it is running on Azure VMs via the main.js .

I checked the route that it doesn't run a server listening on this IP address and the http request must be failed.

But I am still confused about:

  1. Will this cause security issues?

  2. What is it doing?

  3. Is there any way stop this?

Here is the log of itself:

[IPC Library: Pty Host]  WARN Shell integration cannot be enabled for executable "/bin/sh" and args [
  '-c',
  'wget --version > /dev/null\n' +
    'if [ $? -eq 0 ]\n' +
    'then\n' +
    "\twget --connect-timeout=7 --tries=1 --dns-timeout=7 -q --header='Metadata:true' -O - http://169.254.169.254/metadata/instance?api-version=2019-03-11\n" +
    'else\n' +
    '\tcurl --version > /dev/null\n' +
    '\tif [ $? -eq 0 ]\n' +
    '\tthen\n' +
    "\t\tcurl --connect-timeout 7 -s --header='Metadata:true' http://169.254.169.254/metadata/instance?api-version=2019-03-11\n" +
    '\tfi\n' +
    'fi\n' +
    'exit 0'
]
[IPC Library: Pty Host]  WARN Shell integration cannot be enabled for executable "/bin/sh" and args [
  '-c',
  'wget --version > /dev/null\n' +
    'if [ $? -eq 0 ]\n' +
    'then\n' +
    '\twget --connect-timeout=7 --tries=1 --dns-timeout=7 -q  -O - http://169.254.169.254/latest/meta-data/instance-id\n' +
    'else\n' +
    '\tcurl --version > /dev/null\n' +
    '\tif [ $? -eq 0 ]\n' +
    '\tthen\n' +
    '\t\tcurl --connect-timeout 7 -s  http://169.254.169.254/latest/meta-data/instance-id\n' +
    '\tfi\n' +
    'fi\n' +
    'exit 0'
]
[IPC Library: Pty Host]  WARN Shell integration cannot be enabled for executable "/bin/sh" and args [
  '-c',
  'wget --version > /dev/null\n' +
    'if [ $? -eq 0 ]\n' +
    'then\n' +
    '\twget --connect-timeout=7 --tries=1 --dns-timeout=7 -q  -O - http://169.254.169.254/metadata/v1/id\n' +
    'else\n' +
    '\tcurl --version > /dev/null\n' +
    '\tif [ $? -eq 0 ]\n' +
    '\tthen\n' +
    '\t\tcurl --connect-timeout 7 -s  http://169.254.169.254/metadata/v1/id\n' +
    '\tfi\n' +
    'fi\n' +
    'exit 0'
]
[IPC Library: Pty Host]  WARN Shell integration cannot be enabled for executable "/bin/sh" and args [
  '-c',
  'wget --version > /dev/null\n' +
    'if [ $? -eq 0 ]\n' +
    'then\n' +
    "\twget --connect-timeout=7 --tries=1 --dns-timeout=7 -q --header='Metadata-Flavor:Google' -O - http://metadata.google.internal/computeMetadata/v1/instance/id\n" +
    'else\n' +
    '\tcurl --version > /dev/null\n' +
    '\tif [ $? -eq 0 ]\n' +
    '\tthen\n' +
    "\t\tcurl --connect-timeout 7 -s --header='Metadata-Flavor:Google' http://metadata.google.internal/computeMetadata/v1/instance/id\n" +
    '\tfi\n' +
    'fi\n' +
    'exit 0'
]

VSCode Search Result

Improve this question
3
  • There might be no direct security risk to external systems or data. Can you elaborate a little bit more on the issue or ask! @ShenLin Commented Jan 8 at 7:44
  • @Jahnavi I don't know what details you want. I'm here to make sure this is a good idea: "We only need to run this on Azure. Not all machines." If I get some responses saying "I hope it won't run on non-Azure machines" is a good idea, then I'll file an ISSUE. Commented Jan 9 at 8:05
  • You can block the metadata IP using an /etc/hosts entry to redirect 169.254.169.254 to localhost. For example:**127.0.0.1 169.254.169.254** This ensures that any requests to the metadata IP fail instantly. Commented Jan 10 at 7:23
Related questions
137
How to save a file in vscode-remote SSH with a non-root user privileges
97
VScode remote connection error: The process tried to write to a nonexistent pipe
75
Using "Remote SSH" in VSCode on a target machine that only allows inbound SSH connections
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.