So if I understand correctly there are two separate issues with potential security implications:
Issue (a) is that anyone can attach an interface to an "external" network -- what are the security consequences of that ? Unexpected snooping ? What are the natural security expectations of an "external" network ?
Issue (b) is a bug affecting removal of instances making use of such interfaces -- I don't really see an attack vector in that one. You can make it so that you can't delete your own instances. That sounds like a regular bug ?
So if I understand correctly there are two separate issues with potential security implications:
Issue (a) is that anyone can attach an interface to an "external" network -- what are the security consequences of that ? Unexpected snooping ? What are the natural security expectations of an "external" network ?
Issue (b) is a bug affecting removal of instances making use of such interfaces -- I don't really see an attack vector in that one. You can make it so that you can't delete your own instances. That sounds like a regular bug ?